Recurring Supply‑Chain Lapses Expose UEFI Firmware to Pre‑OS Threats
A disturbing pattern of security failures in the firmware supply chain continues to expose millions of devices to pre-OS threats, potentially undermining the foundation of…
Author: Cybernoz
Cobalt Strike 4.11.1 Released With SSL Checkbox Fix
Cobalt Strike has announced the release of version 4.11.1, an out-of-band update addressing several critical issues discovered in the previous 4.11 release. The update primarily…
NHS trust cloud plans hampered by Trump tariff uncertainty
A plan by Essex-based Princess Alexandra Hospital NHS Trust (PAH) to move some capacity to Nutanix cloud-based services is blocked by uncertainty over pricing amid…
F5 BIG-IP Command Injection Vulnerability Let Attackers Execute Arbitrary System Commands
F5 Networks has disclosed a high-severity command injection vulnerability (CVE-2025-31644) in its BIG-IP products running in Appliance mode. The vulnerability exists in an undisclosed iControl…
Attackers Leverage Unpatched Output Messenger 0‑Day to Deliver Malicious Payloads
A Türkiye-affiliated espionage threat actor, tracked by Microsoft Threat Intelligence as Marbled Dust (also known as Sea Turtle and UNC1326), has been exploiting a zero-day…
A practitioner’s guide to classifying every asset in your attack surface
TLDR: This article details methods and tools (from DNS records and IP addresses to HTTP analysis and HTML content) that practitioners can use to classify…
Malaysia urged to curb power theft by cryptocurrency miners with tougher laws
More than US$100 million in losses incurred by Malaysia over the past five years due to power theft by illegal cryptocurrency mining operations may point…
Researchers Uncover Remote IT Job Fraud Scheme Involving North Korean Nationals
The United States indicted fourteen North Korean nationals for orchestrating a sophisticated scheme to secure remote IT jobs at American companies and nonprofits using stolen…
Moldovan Police Arrest Suspect in €4.5M Ransomware Attack on Dutch Research Agency
May 13, 2025Ravie LakshmananCybercrime / Ransomware Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks…
Malware emerging from AI Video generation tools
AI-generated video content is gaining popularity, particularly among younger audiences. However, this growing trend has also caught the attention of cybercriminals, who are now leveraging…
CISOs must speak business to earn executive trust
In this Help Net Security interview, Pritesh Parekh, VP, CISO at PagerDuty talks about how CISOs can change perceptions of their role, build influence across…
Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers
May 13, 2025Ravie LakshmananZero-Day / Vulnerability A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as…