Email Bombs Exploit Lax Authentication in Zendesk – Krebs on Security
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from…
Author: Cybernoz
ConnectWise Flaws Let Attackers Deliver Malicious Software Updates
ConnectWise has issued a critical security update for its Automate platform after uncovering vulnerabilities that could allow attackers to intercept and tamper with software updates.…
Your First and Last Line of Defense
Oct 17, 2025The Hacker NewsArtificial Intelligence / Identity Security The danger isn’t that AI agents have bad days — it’s that they never do. They…
LinkPro Rootkit Attacking GNU/Linux Systems Using eBPF Module to Hide Malicious Activities
A sophisticated rootkit targeting GNU/Linux systems has emerged, leveraging advanced eBPF (extended Berkeley Packet Filter) technology to conceal malicious activities and evade traditional monitoring tools.…
New Tech Support Scam Exploits Microsoft Logo to Steal User Credentials
Microsoft’s name and branding have long been associated with trust in computing, security, and innovation. Yet a newly uncovered campaign by the Cofense Phishing Defense…
Prosper data breach puts 17 million people at risk of identity theft
Peer-to-peer lending marketplace Prosper detected unauthorized activity on their systems on September 2, 2025. It published an FAQ page later that month to address the…
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign Pierluigi Paganini October 17, 2025 Microsoft revoked 200+ certificates used by Vanilla Tempest…
North Korean Hackers Using EtherHiding to Deliver Malware and Steal Cryptocurrency
In recent months, a sophisticated malware campaign—dubbed EtherHiding—has emerged from North Korea-aligned threat actors, sharply escalating the cybersecurity risks facing cryptocurrency exchanges and their users…
Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks
A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check…
Microsoft revokes 200 certs used to sign malicious Teams installers
By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing…
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Oct 17, 2025Ravie LakshmananVulnerability / VPN Security Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow…
Cisco Desk, IP, and Video Phone Vulnerabilities Let Remote Attackers Trigger DoS And XSS Attacks
Cisco has issued a security advisory warning of multiple vulnerabilities in its Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone…