TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds
https://thehackernews.com/2025/04/majority-of-browser-extensions-can.html
Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations.
LayerX today announced the release of the Enterprise Browser Extension Security Report 2025. This report is the first and only report to merge
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
https://thehackernews.com/2025/04/malicious-pypi-package-targets-mexc.html
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens.
The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading),
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
https://thehackernews.com/2025/04/crypto-developers-targeted-by-python.html
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment.
The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
https://thehackernews.com/2025/04/gladinets-triofox-and-centrestack-under.html
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date.
Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks
Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval
https://thehackernews.com/2025/04/meta-resumes-eu-ai-training-using.html
Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators.
"This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
https://thehackernews.com/2025/04/resolverrat-campaign-targets-healthcare.html
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors.
"The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.html
Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts.
The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens.
"This tactic not
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More
https://thehackernews.com/2025/04/weekly-recap-windows-0-day-vpn-exploits.html
Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden.
This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world
Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind
https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html
AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to
Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html
A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT.
The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew's
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit
https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html
Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
"A threat actor used a known
Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
https://thehackernews.com/2025/04/paper-werewolf-deploys-powermodul.html
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul.
The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday.
Paper Werewolf, also known
Initial Access Brokers Shift Tactics, Selling More for Less
https://thehackernews.com/2025/04/initial-access-brokers-shift-tactics.html
What are IABs?
Initial Access Brokers (IABs) specialize in gaining unauthorized entry into computer systems and networks, then selling that access to other cybercriminals. This division of labor allows IABs to concentrate on their core expertise: exploiting vulnerabilities through methods like social engineering and brute-force attacks.
By selling access, they significantly mitigate the
Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
https://thehackernews.com/2025/04/palo-alto-networks-warns-of-brute-force.html
Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat actors warned of a surge in suspicious login scanning activity targeting its appliances.
"Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html
Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote.
These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead.
"The threat actor utilized a
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.
The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.
"The
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
https://thehackernews.com/2025/04/malicious-npm-package-targets-atomic.html
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and execute malicious code in what's seen as a sneakier attempt to stage a software supply chain attack.
The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
https://thehackernews.com/2025/04/the-identities-behind-ai-agents-deep.html
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They're no longer just tools,
PlayPraetor Reloaded: CTM360 Uncovers a Play Masquerading Party
https://thehackernews.com/2025/04/playpraetor-reloaded-ctm360-uncovers.html
Overview of the PlayPraetor Masquerading Party Variants
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.
As before, all the newly discovered play
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk.
The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
