TECHZONE™
TECHZONE CYBERNEWS && UPDATES. Welcome to TECHZONE™: ✔️ Infosec Facts ✔️ Cheatsheets ✔️ Free Courses ✔️ Open source tools ✔️ Tech news
595 subscribers (24 hours: no data; 7 days: -3; 30 days: -12)
Post archive
5 Major Concerns With Employees Using The Browser
https://thehackernews.com/2025/04/5-major-concerns-with-employees-using.html
As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks.
Keep Aware’s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work.
Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
https://thehackernews.com/2025/04/docker-malware-exploits-teneo-web3-node.html
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency.
The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources.
This involves deploying a malware strain
Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach
https://thehackernews.com/2025/04/microsoft-secures-msa-signing-with.html
Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well.
The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to
Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware
https://thehackernews.com/2025/04/lotus-panda-hacks-se-asian-governments.html
The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025.
"Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report
SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts.
The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to
Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access.
The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC).
"In some systems, initial access was gained through
5 Reasons Device Management Isn't Device Trust
https://thehackernews.com/2025/04/5-reasons-device-management-isnt-device.html
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.
The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device
⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
https://thehackernews.com/2025/04/thn-weekly-recap-ios-zero-days-4chan.html
Can a harmless click really lead to a full-blown cyberattack?
Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66.
The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week.
"Net
APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER.
"While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
https://thehackernews.com/2025/04/rogue-npm-packages-mimic-telegram-bot.html
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below -
node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)
According to supply chain
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
https://thehackernews.com/2025/04/asus-confirms-critical-flaw-in-aicloud.html
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices.
The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0.
"An improper authentication control vulnerability exists in certain ASUS router firmware series,"
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024.
"The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan
CapCut copycats are on the prowl
https://www.welivesecurity.com/en/scams/capcut-copycats-prowl/
Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead
Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
https://thehackernews.com/2025/04/multi-stage-malware-attack-uses-jse-and.html
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader.
"Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign.
The
[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach
https://thehackernews.com/2025/04/webinar-ai-is-already-inside-your-saas.html
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is.
If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States.
"From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.
CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
https://thehackernews.com/2025/04/cve-2025-24054-under-active.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
They’re coming for your data: What are infostealers and how do I stay safe?
https://www.welivesecurity.com/en/malware/theyre-coming-data-infostealers-how-stay-safe/
Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
https://thehackernews.com/2025/04/mustang-panda-targets-myanmar-with.html
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware.
This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
