TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
596 subscribers
Post archive
Manufacturing under fire: Strengthening cyber-defenses amid surging threats
https://www.welivesecurity.com/en/business-security/manufacturing-fire-strengthening-cyber-defenses-surging-threats/
Manufacturers operate in one of the most unforgiving threat environments and face a unique set of pressures that make attacks particularly damaging
New spyware campaigns target privacy-conscious Android users in the UAE
https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/
ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates
Cybersecurity Awareness Month 2025: Knowledge is power
https://www.welivesecurity.com/en/videos/cybersecurity-awareness-month-2025-knowledge-power/
We're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminals
This month in security with Tony Anscombe – September 2025 edition
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-september-2025-edition/
The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans
Roblox executors: It’s all fun and games until someone gets hacked
https://www.welivesecurity.com/en/kids-online/roblox-executors-fun-games-someone-gets-hacked/
You could be getting more than you bargained for when you download that cheat tool promising quick wins
DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception
https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-from-primitive-crypto-theft-to-sophisticated-ai-based-deception/
Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers
Watch out for SVG files booby-trapped with malware
https://www.welivesecurity.com/en/malware/svg-files-spreading-malware/
What you see is not always what you get as cybercriminals increasingly weaponize SVG files as delivery vectors for stealthy malware
Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
https://thehackernews.com/2025/11/cybercriminals-exploit-remote.html
Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight.
The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the
⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More
https://thehackernews.com/2025/11/weekly-recap-lazarus-hits-web3-intelamd.html
Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe.
From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test.
The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations
https://thehackernews.com/2025/11/the-evolution-of-soc-operations-how.html
Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the
Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data
https://thehackernews.com/2025/11/researchers-uncover-bankbot-ynrk-and.html
Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices.
According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking its running within a virtualized or emulated environment
New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea
https://thehackernews.com/2025/11/new-httptroy-backdoor-poses-as-vpn.html
The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea.
Gen Digital, which disclosed details of the activity, did not reveal any details on when the incident occurred, but noted that the phishing email contained a ZIP file ("250908_A_HK이노션
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
https://thehackernews.com/2025/11/asd-warns-of-ongoing-badcandy-attacks.html
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY.
The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an
CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers
https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation.
"By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace.
The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft's VS Code Marketplace and Open VSX
CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks
https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain
A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do
https://thehackernews.com/2025/10/a-new-security-layer-for-macos-takes.html
A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway.
On another Mac in the same office, file sharing is enabled through an old protocol called SMB version one. It’s fast and
Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month
https://thehackernews.com/2025/10/googles-built-in-ai-defenses-on-android.html
Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month.
The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing scams before they could even be sent.
In
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.html
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs.
AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in C++ QT for
New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
https://thehackernews.com/2025/10/new-brash-exploit-crashes-chromium.html
A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds.
Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash.
"It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed," Pino said in a
