Security News

A team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. To demonstrate the attack, the researchers carried out tests on nine top-selling wireless chargers available worldwide, highlighting gaps in the security of these products.

PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. The company operates at a global level with a staff of more than 2,000 and specializes in software solutions for major energy suppliers.

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600...

Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023. This includes destructive attacks against key Israeli...

Analysis of 7 billion emails shows clean links are duping users, malicious EML attachments increased 10-fold in Q4, and social engineering attacks are at all-time highs, according to VIPRE Security. Often protected by nothing more than human nature and an antivirus, cybercriminals continue to use email to launch their most basic and persistent attacks.

In an advisory today Germany's federal intelligence agency and South Korea's National Intelligence Service warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. Today's joint cybersecurity advisory highlights two cases attributed to North Korean actors, one of them the Lazarus group, to provide the tactics, techniques, and procedures used by the attackers.

A serious vulnerability named KeyTrap in the Domain Name System Security Extensions feature could be exploited to deny internet access to applications for an extended period. It allows a remote attacker to cause a long lasting denial-of-service condition in vulnerable resolvers by sending a single DNS packet.

Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. More simply, Google plans to prevent bad websites on the internet from attacking a visitor's devices in your home or on your computer.

A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS)....

In this Help Net Security video, Andrey Slastenov, Head of Security Department at Gcore, discusses the findings of their latest report that provide insights into the current state of the DDoS protection market and cybersecurity trends. The maximum attack power rose from 800 Gbps to 1.6 Tbps. UDP floods constitute 62% of DDoS attacks.