Windows Server hotpatching to require subscription
Microsoft has announced that it will soon introduce paid subscriptions for Windows Server 2025 hotpatching, a service that enables admins to install security updates without…
Author: Cybernoz
Europol Creates Operational Taskforce to Tackle Violence-as-a-Service
In response to the concerning rise of “violence-as-a-service” (VaaS) and the exploitation of youth by organized crime, Europol has announced the formation of a new…
Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware
The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based…
SentinelOne warns of threat actors targeting its systems and high-value clients
SentinelOne warns of threat actors targeting its systems and high-value clients Pierluigi Paganini April 29, 2025 SentinelOne warns China-linked APT group PurpleHaze attempted reconnaissance on…
Hackers ramp up scans for leaked Git tokens and secrets
Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source…
Google Chrome Vulnerability Let Attackers Escape Payload from Sandbox
A critical vulnerability in Google Chrome has recently been discovered that allows malicious actors to break out of the browser’s protective sandbox environment, potentially giving…
Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software
A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest Uyghur diaspora organization, using a weaponized version of UyghurEditPP-a trusted open-source…
Amazon, CrowdStrike leaders say private threat intel can quickly bring cybercriminals to justice
SAN FRANCISCO — Threat intelligence flowing from private companies to cybersecurity authorities and law enforcement agencies is critical to the disruption of malicious activities and…
AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi
A critical vulnerability in Apple’s AirPlay protocol, dubbed AirBorne, has exposed over 2.35 billion active Apple devices and tens of millions of third-party gadgets to…
Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories
Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads and a Linux ELF Cobalt Strike beacon. The…
44% of the zero-days exploited in 2024 were in enterprise solutions
In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety…
New Reports Uncover Jailbreaks, Unsafe Code, and Data Theft Risks in Leading AI Systems
Various generative artificial intelligence (GenAI) services have been found vulnerable to two types of jailbreak attacks that make it possible to produce illicit or dangerous…