-
Cloud environments rely on the Instance Metadata Service (IMDS) to provide virtual machines with temporary credentials and essential configuration data. IMDS allows applications to securely retrieve credentials without embedding secrets in code or conf…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Open source software powers much of today’s technology, enabling developers around the world to build and share tools, libraries, and applications. However, the same openness that drives innovation also presents serious security challenges. Attackers r…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent weeks, security researchers have uncovered an elaborate phishing campaign that leverages legitimate GitHub notification mechanisms to deliver malicious content. Victims receive seemingly authentic repository alerts, complete with real-looking commit messages and collaborator updates. Upon closer inspection, the notification headers reveal altered sender addresses and obfuscated links. The campaign’s sophistication has allowed it to […] The post Hackers Abusing GitHub Notifications to Deliver Phishing Emails appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In 2024, as the Russia-Ukraine war prolongs and military and economic cooperation between North Korea and Russia deepens, cyberspace has become a central battleground for international conflict. Russia is leveraging cyber-attacks to alleviate economic …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cloudflare announced today that it has successfully mitigated the largest distributed denial-of-service (DDoS) attack ever recorded. The hyper-volumetric assault peaked at a staggering 22.2 terabits per second (Tbps) and 10.6 billion packets per second…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Check Point Research has identified a long-running campaign by the Iranian-aligned threat actor Nimbus Manticore—also known as UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operation—targeting defense manufacturers, telecommunications, and avia…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical cross-site scripting (XSS) vulnerability affecting both Lectora Desktop and Lectora Online has been disclosed, enabling attackers to inject JavaScript through crafted URL parameters. Discovered by security researcher Mohammad Jassim and docu…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary commands through specially crafted email attachments. The vulnerability, tracked as CVE-2025-59689, affects multiple versions of the popular email security platform and has already been exploited by what security researchers believe to be a foreign […] The post Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Over the weekend, a sophisticated ransomware attack compromised Collins Aerospace’s Muse check-in and boarding systems, forcing key hubs including Heathrow, Brussels, and Berlin to return to manual processes. Airlines reported hundreds of delayed and cancelled flights as security teams raced to contain the breach, restore encrypted data, and deploy software patches. The Guardian stated that […] The post European Airport Disruptions Caused by Sophisticated Ransomware Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Passengers across Europe are facing another day of flight delays after a cyber-attack struck the company behind the check-in and boarding software used at many airports. London Heathrow, Brussels, Dublin and Berlin have been worst hit since Friday, whe…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
