A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. […]
Meta Adds Passkey Login Support to Facebook for Android and iOS Users
Meta Platforms on Wednesday announced that it’s adding support for passkeys, the next-generation password standard, on Facebook.
“Passkeys are a new way to verify your identity and login to your account that’s easier and more secure than traditional passwords,” the tech giant said in a post.
Support for passkeys is expected to be available “soon” on Android and iOS mobile devices. The feature is
“Passkeys are a new way to verify your identity and login to your account that’s easier and more secure than traditional passwords,” the tech giant said in a post.
Support for passkeys is expected to be available “soon” on Android and iOS mobile devices. The feature is
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions.
The vulnerabilities, discovered by Qualys, are listed below –
The vulnerabilities, discovered by Qualys, are listed below –
CVE-2025-6018 – LPE from unprivileged to allow_active in SUSE 15’s Pluggable Authentication Modules (PAM)
CVE-2025-6019 – LPE from allow_active to root in
Pro-Israel hackers hit Iran’s Nobitex exchange, burn $90M in crypto
The pro-Israel “Predatory Sparrow” hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran’s largest crypto exchange, and burned the funds in a politically motivated cyberattack. […]
North Korean hackers deepfake execs in Zoom call to spread Mac malware
North Korean advanced persistent threat (APT) ‘BlueNoroff’ (aka ‘Sapphire Sleet’ or ‘TA444’) are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers. […]
Russian Hackers Bypass Gmail MFA with App Specific Password Ruse
Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords.
The post Russian Hackers Bypass Gmail MFA with App Specific Password Ruse appeared first on SecurityWeek.
Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection
Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects.
The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek.
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails.
The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix.
It leverages “the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated
The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix.
It leverages “the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated
Microsoft 365 to block file access via legacy auth protocols by default
Microsoft has announced that it will soon update security defaults for all Microsoft 365 tenants to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols. […]
‘Stargazers’ use fake Minecraft mods to steal player passwords
A large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. […]