TECHZONE™
Kanalga Telegram’da o‘tish
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Ko'proq ko'rsatish595
Obunachilar
Ma'lumot yo'q24 soatlar
-17 kunlar
-1030 kunlar
Postlar arxiv
595
Credential Theft Becomes Cybercriminals' Favorite Target
https://www.darkreading.com/threat-intelligence/credential-theft-cybercriminals-favorite-target
595
Ferret Malware Added to 'Contagious Interview' Campaign
https://www.darkreading.com/threat-intelligence/ferret-malware-added-contagious-interview-threat-campaign
595
Cybercriminals Court Traitorous Insiders via Ransom Notes
https://www.darkreading.com/threat-intelligence/cybercriminals-traitorous-insiders-ransom-notes
595
Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud
https://www.darkreading.com/cloud-security/chinese-infrastructure-laundering-abuses-aws-microsoft-cloud
595
Managing Software Risk in a World of Exploding Vulnerabilities
https://www.darkreading.com/vulnerabilities-threats/managing-software-risk-world-exploding-vulnerabilities
595
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
https://thehackernews.com/2025/02/malicious-go-package-exploits-module.html
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems.
The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to
595
Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware.
The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09.
"The vulnerability was
595
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
https://thehackernews.com/2025/02/north-korean-hackers-deploy-ferret.html
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process.
"Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or
595
Watch Out For These 8 Cloud Security Shifts in 2025
https://thehackernews.com/2025/02/watch-out-for-these-8-cloud-security.html
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud.
But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let’s take a
595
Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
https://thehackernews.com/2025/02/taiwan-bans-deepseek-ai-over-national.html
Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence (AI) platform, citing security risks.
"Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan's Ministry of Digital Affairs, per Radio Free Asia.
"DeepSeek
595
AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
https://thehackernews.com/2025/02/amd-sev-snp-vulnerability-allows.html
A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.
The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.
"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local
595
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below -
CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service
595
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
https://thehackernews.com/2025/02/google-patches-47-android-security.html
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead
595
Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
https://thehackernews.com/2025/02/microsoft-sharepoint-connector-flaw.html
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf
595
DNSFilter's Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests
https://www.darkreading.com/cyberattacks-data-breaches/dnsfilter-s-annual-security-report-reveals-worrisome-spike-in-malicious-dns-requests
595
EMEA CISOs Plan 2025 Cloud Security Investment
https://www.darkreading.com/cloud-security/emea-cisos-plan-2025-cloud-security-investment
595
Interactive Online Training for Cybersecurity Professionals; Earn CPE Credits
https://www.darkreading.com/cybersecurity-operations/interactive-online-training-for-cybersecurity-professionals-earn-cpe-credits
595
'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks
https://www.darkreading.com/application-security/constitutional-classifiers-mitigate-genai-jailbreaks
595
Name That Edge Toon: In the Cloud
https://www.darkreading.com/cloud-security/name-that-edge-toon-in-the-cloud
595
AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi
https://www.darkreading.com/application-security/ai-malware-deepseek-packages-pypi
Endi mavjud! Telegram Tadqiqoti 2025 — yilning asosiy insaytlari 
