1010.cx

1010.cx

/

Archive

/

Category: cyber security

  • Phishing Campaign Went Undetected for Over 3 Years on Google Cloud and Cloudflare

    A sophisticated phishing operation has been running undetected for over three years across Google Cloud and Cloudflare infrastructure, impersonating major corporations including defense contractor Lockheed Martin. The campaign, which utilized advanced cloaking techniques and compromised expired domains, demonstrates a concerning failure in detection capabilities by two of the internet’s largest service providers. The operation began […] The post Phishing Campaign Went Undetected for Over 3 Years on Google Cloud and Cloudflare appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Disney Agreed to Pay $10 Million for Collection Personal Data From Children

    Disney Worldwide Services, Inc. and Disney Entertainment Operations LLC have agreed to pay $10 million in a landmark settlement to resolve allegations that they systematically collected personal data from children under 13 in violation of the Children’s Online Privacy Protection Act (COPPA) Rule. The U.S. Department of Justice, acting at the behest of the Federal […] The post Disney Agreed to Pay $10 Million for Collection Personal Data From Children appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Attackers Are Abusing Malicious PDFs: Here’s How to Spot Them Early

    Phishing has moved far beyond suspicious links. Today, attackers hide inside the files employees trust most; PDFs. On the surface, they look like invoices, contracts, or reports. But once opened, these documents can trigger hidden scripts, redirect to fake login pages, or quietly steal credentials. The danger lies in how convincing they are. PDFs often […] The post Attackers Are Abusing Malicious PDFs: Here’s How to Spot Them Early appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • New Stealthy Python Malware Leverages Discord to Steal Data From Windows Machines

    A sophisticated new Python-based information stealer has emerged in the cybersecurity landscape, demonstrating advanced capabilities for data exfiltration through Discord channels. The malware, identified as “Inf0s3c Stealer,” represents a significant evolution in the realm of data theft tools, combining traditional system reconnaissance techniques with modern communication platforms to avoid detection while efficiently harvesting sensitive information […] The post New Stealthy Python Malware Leverages Discord to Steal Data From Windows Machines appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • RapperBot Hijacking Devices to Launch DDoS Attack In a Split Second

    Cybersecurity researchers began detecting an alarming surge in early April 2025 in UDP flood traffic emanating from compromised network video recorders (NVRs) and other edge devices. Within milliseconds of infection, these devices were weaponized to direct overwhelming volumes of packets at unsuspecting targets, leading to service disruptions and massive bandwidth consumption. Bitsight analysts identified this […] The post RapperBot Hijacking Devices to Launch DDoS Attack In a Split Second appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • PagerDuty Confirms Data Breach After Salesforce Account Compromise

    PagerDuty has confirmed that it experienced a data breach following a compromise of its Salesforce account. The company was first alerted to the issue by Salesloft on August 20, 2025, when Salesloft notified PagerDuty of a security problem in the Drift…

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Namespace Reuse Vulnerability Exposes AI Platforms to Remote Code Execution

    A newly discovered vulnerability in the AI supply chain—termed Model Namespace Reuse—permits attackers to achieve Remote Code Execution (RCE) across major AI platforms, including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-sourc…

    ·

    , , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • CISA Alerts on TP-Link Authentication Flaw Under Active Exploitation

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a serious security hole in certain TP-Link devices. This flaw, tracked as CVE-2020-24363, allows an attacker on the same network to take control without needing …

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • PagerDuty Confirms Data Breach After Third-Party App Vulnerability Exposes Salesforce Data

    PagerDuty, a leader in digital operations management, has confirmed a security incident that resulted in unauthorized access to some of its data stored in Salesforce. The company stated that no PagerDuty platform credentials were compromised and that the breach resulted from a vulnerability in a third-party application, Salesloft Drift. The incident’s timeline began on August […] The post PagerDuty Confirms Data Breach After Third-Party App Vulnerability Exposes Salesforce Data appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Over 1,100 Ollama AI Servers Found Online, 20% at Risk

    More than 1,100 instances of Ollama—a popular framework for running large language models (LLMs) locally—were discovered directly accessible on the public internet, with approximately 20% actively hosting vulnerable models that could be exploited by un…

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶