How to Address the Expanding Security Risk
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world…
Category: TheHackerNews
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from…
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
Jun 12, 2025Ravie LakshmananVulnerability / Software Security ConnectWise has disclosed that it’s planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise…
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Jun 12, 2025Ravie LakshmananEnterprise Security / Active Directory Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework…
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Jun 11, 2025Ravie LakshmananRansomware / Cybercrime Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email…
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Jun 11, 2025Ravie LakshmananNetwork Security / Threat Intelligence Threat intelligence firm GreyNoise has warned of a “coordinated brute-force activity” targeting Apache Tomcat Manager interfaces. The…
Why DNS Security Is Your First Defense Against Cyber Attacks?
In today’s cybersecurity landscape, much of the focus is placed on firewalls, antivirus software, and endpoint detection. While these tools are essential, one critical layer…
INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure
Jun 11, 2025Ravie LakshmananCybercrime / Malware INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked…
5 Lessons from River Island
In today’s security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without…
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
Jun 11, 2025Ravie LakshmananIoT Security / Vulnerability Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote…
Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild
Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning (WEBDAV) that it said has come…
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Jun 10, 2025Ravie LakshmananVulnerability / SaaS Security Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data…