-
Cybersecurity firm GreyNoise has launched a new, free utility designed to answer a question most internet users never think to ask: Is my home router secretly attacking other computers? The newly released GreyNoise IP Check is a simple, web-based tool …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated, complex new cyber offensive has emerged from the “Scattered Lapsus$ Hunters,” a threat collective that has aggressively shifted toward exploiting supply-chain vulnerabilities. This latest campaign targets Zendesk, a critical customer support platform, effectively turning a trusted business tool into a launchpad for corporate spying. The attackers have successfully registered over 40 typosquatted domains, […] The post Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Comcast has agreed to a $1.5 million settlement with the Federal Communications Commission (FCC) following a data breach at a third-party vendor that exposed the personal information of hundreds of thousands of its customers. The breach has raised conc…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from running during user logins. The update is designed to stop unauthorized or injected code from executing on the logi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council, and Hammersmith and Fulham Council confirmed they were targeted in the incident that began on Monday, November 24. The attack has forced officials to shut down systems as a p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new open-source tool called KawaiiGPT has surfaced on GitHub, positioning itself as a “cute” but unrestricted version of artificial intelligence. Developed by a user known as MrSanZz (along with contributors Shoukaku07 and FlamabyX5), the…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Black Friday is supposed to be chaotic, sure, but not this chaotic. Amid genuine doorbusters and flash sales, a large-scale, highly polished scam campaign is hijacking web traffic and pushing shoppers to fake “survey reward” pages impersonating dozens …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hidden vulnerabilities in legacy code often create unseen risks for modern development environments. One such issue recently surfaced within the Python ecosystem, where outdated bootstrap scripts associated with the zc.buildout tool expose users to domain takeover attacks. These scripts, designed to automate the installation of package dependencies, contain hardcoded references to external domains that are […] The post Vulnerable Codes in Legacy Python Packages Enables Attacks on Python Package Index Via Domain Compromise appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Digital calendars have become indispensable tools for managing personal and professional schedules. Users frequently subscribe to external calendars for public holidays, sports schedules, or community events to keep their agendas up to date. While these subscriptions offer convenience, they create a persistent connection between a user’s device and an external server. If the domain hosting […] The post Over 390 Abandoned iCalendar Sync Domains Could Expose ~4 Million Devices to Security Risks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The software supply chain is under siege from “Shai Hulud v2,” a sophisticated malware campaign that has compromised 834 packages across the npm and Maven ecosystems. This new wave specifically targets GitHub Actions workflows, exploiting pull_request_target triggers to inject malicious code into widely used libraries. The attack has impacted major projects like PostHog, Zapier, and […] The post Shai Hulud v2 Exploits GitHub Actions Workflows as Attack Vector to Steal Secrets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
