Tor has announced improved encryption and security for the circuit traffic by replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO). […]
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code.
Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of
Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of
Microsoft: Exchange Online outage blocks access to Outlook mailboxes
Microsoft is investigating an Exchange Online service outage that is preventing customers from accessing their mailboxes using the classic Outlook desktop client. […]
Microsoft is speeding up the Teams desktop client for Windows
Microsoft says it will add a new Teams call handler beginning in January 2026 to reduce launch times and boost call performance for the Windows desktop client. […]
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a “critical” Windows security update.
“Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising,” Acronis said in a
“Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising,” Acronis said in a
Alumni, Student, and Staff Information Stolen From Harvard University
A phone phishing attack led to the compromise of a system containing information about alumni, donors, students, staff, and other individuals.
The post Alumni, Student, and Staff Information Stolen From Harvard University appeared first on SecurityWeek.
Year-end approaches: How to maximize your cyber spend
Year-end budgeting is the perfect time to close real security gaps by strengthening identity controls, reducing redundant tools, and investing in outcome-driven engagements. The article highlights how targeting credential risks and documenting results helps teams maximize spend and justify next year’s budget. […]
Fluent Bit Vulnerabilities Expose Cloud Services to Takeover
Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation.
The post Fluent Bit Vulnerabilities Expose Cloud Services to Takeover appeared first on SecurityWeek.
WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation
Palo Alto Networks has conducted an analysis of malicious LLMs that help threat actors with phishing, malware development, and reconnaissance.
The post WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation appeared first on SecurityWeek.
Major US Banks Impacted by SitusAMC Hack
Hackers stole corporate data such as accounting records and legal agreements, but did not deploy file-encrypting ransomware.
The post Major US Banks Impacted by SitusAMC Hack appeared first on SecurityWeek.