TECHZONE™


TECHZONE CYBERNEWS && UPDATES. Welcome to TECHZONE™ ✔️ Infosec Facts ✔️ Cheatsheets ✔️ Free Courses ✔️ Open source tools ✔️ Tech news

Posts archive
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The

Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years https://thehackernews.com/2025/03/chinese-hackers-breach-asian-telecom.html A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not

AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface https://thehackernews.com/2025/03/ai-powered-saas-security-keeping-pace.html Organizations now use an average of 112 SaaS applications—a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that’s just one major SaaS provider.

Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps https://thehackernews.com/2025/03/hackers-use-net-maui-to-target-indian.html Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. .NET

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust https://thehackernews.com/2025/03/interpol-arrests-306-suspects-seizes.html Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974), assigned a CVSS score of

Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks https://thehackernews.com/2025/03/microsoft-adds-inline-data-protection.html Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics https://thehackernews.com/2025/03/vanhelsing-raas-launch-3-victims-5k.html A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said in a report published over the weekend

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware https://thehackernews.com/2025/03/vscode-marketplace-removes-two.html Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a

How to Balance Password Security Against User Experience https://thehackernews.com/2025/03/how-to-balance-password-security.html If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an

GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets https://thehackernews.com/2025/03/github-supply-chain-breach-coinbase.html The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,"

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe https://thehackernews.com/2025/03/us-treasury-lifts-tornado-cash.html The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring

UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools https://thehackernews.com/2025/03/uat-5918-targets-taiwans-critical.html Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS

China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html The China-linked advanced persistent threat (APT) group known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include governments, Catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place

10 Critical Network Pentest Findings IT Teams Overlook https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are enough to keep them secure. But how effective are these defenses when put to the test? That’s where

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers https://thehackernews.com/2025/03/kaspersky-links-head-mare-to-twelve.html Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents," the company said. "This suggests

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility https://thehackernews.com/2025/03/ongoing-cyber-attacks-exploit-critical.html Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an