TECHZONE™

Operation RoundPress https://www.welivesecurity.com/en/eset-research/operation-roundpress/ ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks https://thehackernews.com/2025/05/fileless-remcos-rat-delivered-via-lnk.html Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT. "Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents," Qualys security researcher Akshay Thorve said in a technical report. "The attack chain leverages mshta.exe for

[Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications https://thehackernews.com/2025/05/from-code-to-cloud-to-soc-learn-smarter.html Modern apps move fast—faster than most security teams can keep up. As businesses rush to build in the cloud, security often lags behind. Teams scan code in isolation, react late to cloud threats, and monitor SOC alerts only after damage is done. Attackers don’t wait. They exploit vulnerabilities within hours. Yet most organizations take days to respond to critical cloud alerts. That delay isn’t

Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit https://thehackernews.com/2025/05/meta-to-train-ai-on-eu-user-data-from.html Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence (AI) models without an explicit opt-in. The move comes weeks after the social media behemoth announced its plans to train its AI models

Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails https://thehackernews.com/2025/05/coinbase-agents-bribed-data-of-1-users.html Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. "Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly

Pen Testing for Compliance Only? It's Time to Change Your Approach https://thehackernews.com/2025/05/pen-testing-for-compliance-only-its.html Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn't theoretical: it

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy https://thehackernews.com/2025/05/new-chrome-vulnerability-enables-cross.html Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit https://thehackernews.com/2025/05/samsung-patches-cve-2025-4632-used-to.html Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan https://thehackernews.com/2025/05/bianlian-and-ransomexx-exploit-sap.html At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and the RansomExx ransomware

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering https://thehackernews.com/2025/05/xinbi-telegram-market-tied-to-84b-in.html A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee. According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users https://thehackernews.com/2025/05/ctm360-identifies-surge-in-phishing.html A new global phishing threat called "Meta Mirage" has been uncovered, targeting businesses using Meta's Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns https://thehackernews.com/2025/05/earth-ammit-breached-drone-supply.html A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team https://thehackernews.com/2025/05/learning-how-to-hack-why-offensive.html Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%.  As attacks rise

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails https://thehackernews.com/2025/05/horabot-malware-targets-6-latin.html Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is "using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server https://thehackernews.com/2025/05/microsoft-fixes-78-flaws-5-zero-days.html Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems https://thehackernews.com/2025/05/fortinet-patches-cve-2025-32756-zero.html Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks https://thehackernews.com/2025/05/ivanti-patches-epmm-vulnerabilities.html Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2) https://www.welivesecurity.com/en/videos/online-disinformation-unlocked-403-cybersecurity-podcast-s2e2/ Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide https://thehackernews.com/2025/05/china-linked-apts-exploit-sap-cve-2025.html A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads https://thehackernews.com/2025/05/malicious-pypi-package-posing-as-solana.html Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first