Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware. The attack makes use of the Japanese hiragana character, ん, which can, on some systems, appear as a forward slash and make a phishing URL appear realistic to a person at first. […]
When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers
Ransomware and infostealers are winning on stealth, not encryption. Picus Blue Report 2025 reveals just 3% of data exfiltration attempts are stopped. Find and fix your biggest exposure gaps before they’re exploited. […]
Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution
Path traversal and XXE injection flaws allowing unauthenticated remote code execution have been patched in Xerox FreeFlow Core.
The post Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution appeared first on SecurityWeek.
Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS
Japan’s CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system control.
The agency said the activity was detected between September and December 2024, targeting
The agency said the activity was detected between September and December 2024, targeting
Canada’s House of Commons investigating data breach after cyberattack
The House of Commons of Canada is currently investigating a data breach after a threat actor reportedly stole employee information in a cyberattack on Friday. […]
CISA Warns of Attacks Exploiting N-able Vulnerabilities
CISA reported becoming aware of attacks exploiting CVE-2025-8875 and CVE-2025-8876 in N-able N-central on the day they were patched.
The post CISA Warns of Attacks Exploiting N-able Vulnerabilities appeared first on SecurityWeek.
Have You Turned Off Your Virtual Oven?
You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse.
Your
Your
‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks
The new DDoS attack vector, which involves HTTP/2 implementation flaws, has been compared to Rapid Reset.
The post ‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks appeared first on SecurityWeek.
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil.
“PhantomCard relays NFC data from a victim’s banking card to the fraudster’s device,” ThreatFabric said in a report. “PhantomCard is based on
“PhantomCard relays NFC data from a victim’s banking card to the fraudster’s device,” ThreatFabric said in a report. “PhantomCard is based on
Leak: OpenAI’s browser will use ChatGPT Agent to control the browser
OpenAI is building an agentic future with its upcoming Chromium-based browser and a new leak confirms GPT Agent integration. […]