1010.cx

1010.cx

/

Archive

/

Category: cyber security

  • Hackers Reap Minimal Gains from Massive npm Supply Chain Breach

    On September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to compromise the account of well-known npm developer Qix, subsequently publishing malicious …

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Dell PowerProtect Data Manager Flaw Allows System Compromise by Attackers

    Dell has released a critical security update for its PowerProtect Data Manager (PPDM) platform, addressing multiple vulnerabilities that could allow attackers to compromise systems and execute arbitrary commands. The security advisory DSA-2025-326 reve…

    ·

    , , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari

    A recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could on…

    ·

    , , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Cursor AI Code Editor RCE Vulnerability Enables “autorun” of Malicious on your Machine

    A remote code execution vulnerability has been discovered in the Cursor AI Code Editor, enabling a malicious code repository to run code on a user’s machine upon opening automatically. The research team at Oasis Security uncovered the flaw, which bypasses typical user consent prompts by exploiting a default configuration setting in the popular editor. According […] The post Cursor AI Code Editor RCE Vulnerability Enables “autorun” of Malicious on your Machine appeared first on Cyber Security News.

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Jaguar Land Rover Confirms Hackers Stole Data in Ongoing Cyberattack

    Jaguar Land Rover (JLR) has confirmed that data was stolen during a major cyberattack that has crippled its global operations, bringing vehicle production to a standstill since early September. The luxury carmaker, a subsidiary of India’s Tata Motors, is now working with cybersecurity specialists to investigate the breach and restore its systems. The cyber incident, […] The post Jaguar Land Rover Confirms Hackers Stole Data in Ongoing Cyberattack appeared first on Cyber Security News.

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • AsyncRAT Uses Fileless Loader to Bypass Detections and Gain Remote Access

    Security researchers have recently observed a surge in sophisticated fileless malware campaigns targeting enterprise environments. AsyncRAT, a powerful Remote Access Trojan, leverages legitimate system tools to execute malicious payloads entirely in memory, effectively sidestepping traditional disk-based defenses. Emergence of this threat underscores the evolving tactics employed by cyber adversaries to maintain stealth and persistence on […] The post AsyncRAT Uses Fileless Loader to Bypass Detections and Gain Remote Access appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Beware of Malicious Facebook Ads With Meta Verified Steals User Account Details

    Malicious actors have launched a sophisticated malvertising campaign on Facebook that coerces unsuspecting users into installing a fake “Meta Verified” browser extension. Promoted through seemingly legitimate video tutorials, these ads promise to unlock the coveted blue verification tick without paying Meta’s subscription fee. In reality, the extension is engineered to harvest sensitive user data, including […] The post Beware of Malicious Facebook Ads With Meta Verified Steals User Account Details appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Threat Actor Installed EDR on Their Systems, Revealing Workflows and Tools Used

    A recent incident uncovered how a threat actor inadvertently exposed its entire operational workflow by installing a popular endpoint detection and response (EDR) agent on their own attacking infrastructure. The scenario unfolded when the adversary, while evaluating various security platforms, triggered alerts that led Huntress analysts to investigate unusual telemetry data. Initial observations of system […] The post Threat Actor Installed EDR on Their Systems, Revealing Workflows and Tools Used appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • New Phishing Attack Mimics Google AppSheet to Steal Login Credentials

    A sophisticated phishing campaign has emerged targeting Google Workspace organizations through fraudulent emails impersonating Google’s AppSheet platform. The attack demonstrates how cybercriminals exploit legitimate cloud services to bypass traditional email security measures and steal user credentials. Discovered in September 2025, this campaign represents a significant escalation in social engineering tactics, leveraging the inherent trust organizations […] The post New Phishing Attack Mimics Google AppSheet to Steal Login Credentials appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • New GONEPOSTAL Malware Hijacking Outlook to Enable Command and Control Communication

    In recent weeks, security teams have observed a sophisticated new strain of malware—dubbed GONEPOSTAL—that subverts Microsoft Outlook to relay command and control (C2) instructions. Emerging through spear-phishing campaigns targeting corporate environments, GONEPOSTAL disguises itself as a benign Office document. Upon opening the weaponized attachment, victims unknowingly activate a multi-stage payload that interfaces directly with Outlook’s […] The post New GONEPOSTAL Malware Hijacking Outlook to Enable Command and Control Communication appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶