An Automated Exploitation Toolkit Targeting Hikvision IP Cameras
A new open-source tool called HikvisionExploiter has emerged, designed to automate attacks on vulnerable Hikvision IP cameras. Released on GitHub in mid-2024 but gaining renewed…
Author: Cybernoz
PureHVNC RAT Distributed via Weaponized Judicial Documents
The campaign leverages judicial document themes to distribute Hijackloader malware, which subsequently deploys PureHVNC remote access trojan (RAT)—marking the first observed instance where this combination…
Post Office Capture redress scheme ‘went down like lead balloon’ and is ‘discriminatory’
A former subpostmaster who suffered at the hands of the Post Office’s faulty Capture accounting software has said the announced compensation scheme “discriminates” against claimants.…
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets Pierluigi Paganini October 29, 2025 Russian actors, likely linked to Sandworm, targeted Ukrainian…
AI risks pack a punch, but governance provides a buffer
Dive Brief: Enterprise decision-makers say AI risks are packing a punch as adoption grows and tool rollouts continue, according to an EY survey of nearly…
Streamlining Patching and Vulnerability Remediation
For years, patch management has been one of the least glamorous yet most consequential aspects of IT operations. Vulnerabilities emerge daily, and while most administrators…
10 Malicious npm Packages with Auto-Run Feature on Install Deploys Multi-Stage Credential Harvester
The npm ecosystem faces a sophisticated new threat as ten malicious packages have emerged, each designed to automatically execute during installation and deploy a comprehensive…
Google Publishes New Guide to Help Defenders Monitor Privileged Accounts
Google has released comprehensive guidance on protecting privileged accounts, recognizing that stolen credentials have become one of the most dangerous attack vectors facing modern organizations.…
Sanctions won’t stop cyberattacks, but they can still “bite”
Sanctions are one of the tools Western governments use when they want to hit back at state-sponsored cyber threat actors. But do they actually work?…
41% Of Ransomware Victims Who Pay Ransom Can’t Recover Data
Paying attackers a ransom to recover from ransomware attacks fails 41% of the time, and even when recovery keys work, ransomware victims don’t always recover…
Microsoft fixes 0x800F081F errors causing Windows update failures
Microsoft has resolved a known issue that caused Windows updates to fail, leading to 0x800F081F errors on Windows 11 24H2 systems. In a service alert…
PoC Exploit Released for BIND 9 Vulnerability that Let Attackers Forge DNS Records
A public exploit code demonstrating how attackers could exploit CVE-2025-40778, a critical vulnerability in BIND 9 that enables DNS cache poisoning. The Internet Systems Consortium…