Security researchers have discovered an arbitrary account takeover flaw in Subaru’s Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate. […]
Hackers use Windows RID hijacking to create hidden admin account
A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. […]
Hacker infects 18,000 “script kiddies” with fake malware builder
A threat actor targeted low-skilled hackers, known as “script kiddies,” with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. […]
Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs
Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. […]
Managed Detection and Response – How are you monitoring?
Security Information and Event Management (SIEM) systems are now a critical component of enterprise security. Learn more from Smarttech247 about how its VisionX + Splunk solution can help secure your organization. […]
Subaru Starlink Vulnerability Exposed Cars to Remote Hacking
A vulnerability in Subaru’s Starlink connected vehicle service exposed US, Canada, and Japan vehicle and customer accounts.
The post Subaru Starlink Vulnerability Exposed Cars to Remote Hacking appeared first on SecurityWeek.
North Korean Fake IT Workers More Aggressively Extorting Enterprises
North Korean fake IT workers are more aggressively extorting their employers in response to law enforcement actions.
The post North Korean Fake IT Workers More Aggressively Extorting Enterprises appeared first on SecurityWeek.
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies.
The post In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies appeared first on SecurityWeek.
Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025
The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. […]
RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations
A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network.
The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,
The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,