Beware! Malware Hidden in Free Word-to-PDF Converters
The FBI has issued a warning about a growing threat involving free file conversion tools, which are being used to spread malware. This scam, described…
Author: Cybernoz
New RAT malware used for crypto theft, reconnaissance
Microsoft has discovered a new remote access trojan (RAT) that employs “sophisticated techniques” to avoid detection, ensure persistence, and extract sensitive information data. While the malware…
Supply Chain Attack Targets 23,000 GitHub Repositories
A critical security incident has been uncovered involving the popular GitHub Action tj-actions/changed-files, which is used in over 23,000 repositories. The attack involves a malicious…
Online Safety Act measures come into effect
Regulator Ofcom has begun enforcing its “illegal content” codes under the Online Safety Act (OSA) after the end of a three-month deadline for companies to…
Funny, Scary & Just Plain Weird
With thousands of threat groups trying to make a name for themselves and new ones cropping up every day, it can take some work to…
OKX suspends DEX aggregator after Lazarus hackers try to launder funds
OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers,…
Hackers Rapidly Adopt ClickFix Technique for Sophisticated Attacks
In recent months, a sophisticated social engineering technique known as ClickFix has gained significant traction among cybercriminals and nation-state-sponsored groups. This method exploits human psychology…
Custom vs. Off-the-shelf Educational Software
Educational institutions and businesses looking to implement technology-driven learning solutions often face a key decision: should they invest in custom-built educational software or opt for…
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
Mar 17, 2025Ravie LakshmananVulnerability / Web Security A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the…
Data protection and AI: what to know about new UK cyber standard
In a significant move positioning the UK at the forefront of responsible AI adoption, the government has introduced what it calls a “world first” AI-focused…
DOGE staffer violated security policies at Treasury Department, court filing shows
A staffer for the Department of Government Efficiency (DOGE) violated security policies at the Treasury Department by improperly sharing sensitive personal information outside the agency,…
Supply chain attack against GitHub Action triggers massive exposure of secrets
Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in more than 23,000 repositories. A malicious commit was…