Security News
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
A vulnerability in XZ Utils, the XZ format compression utilities included in most Linux distributions, may "Enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely," Red Hat warns. The cause of the vulnerability is actually malicious code present in versions 5.6.0 and 5.6.1 of the xz libraries, which was accidentally found by Andres Freund, a PostgreSQL developer and software engineer at Microsoft.
Today, Red Hat warned users to immediately stop using systems running Fedora development versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. "No versions of Red Hat Enterprise Linux are affected. We have reports and evidence of the injections successfully building in xz 5.6.x versions built for Debian unstable."
A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER. The...
At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. JFrog's security team found that roughly a hundred models hosted on the platform feature malicious functionality, posing a significant risk of data breaches and espionage attacks.
Seemingly most critically, the [Russian] government told the ECHR that any intrusion on private lives resulting from decrypting messages was "Necessary" to combat terrorism in a democratic society. To back up this claim, the government pointed to a 2017 terrorist attack that was "Coordinated from abroad through secret chats via Telegram." The government claimed that a second terrorist attack that year was prevented after the government discovered it was being coordinated through Telegram chats.
The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar...
Several companies operating in the cryptocurrency sector are the target of a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week,...
The Russia-linked threat actor known as Turla has been observed using a new backdoor called TinyTurla-NG as part of a three-month-long campaign targeting Polish non-governmental organizations in...
Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. According to the researchers, TinyTurla-NG is actively targeting multiple NGOs in Poland.