Wed.Jan 29, 2025

article thumbnail

Samsung Galaxy S25 Ultra vs. OnePlus 13: I tested both, and the winner surprised me

Zero Day

Between the two best Android phones right now, which one should you buy? Based on my testing, it'll depend on these key differences.

127
127
article thumbnail

Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks

The Hacker News

The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Exposed DeepSeek Database Revealed Chat Prompts and Internal Data

WIRED Threat Level

China-based DeepSeek has exploded in popularity, drawing greater scrutiny. Case in point: Security researchers found more than 1 million records, including user data and API keys, in an open database.

article thumbnail

Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution

The Hacker News

A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Windows 11 24H2 plagued by yet more bugs in 2025

Zero Day

Microsoft's official 24H2 update for Windows 11 has been hit with one bug after another. Here's why you might want to hold off on updating and what you could run into if you decide to upgrade now.

117
117
article thumbnail

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

The Hacker News

A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.

DDOS 114

More Trending

article thumbnail

New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits

The Hacker News

A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.

article thumbnail

Microsoft kills off Smart Lookup feature in Word as it pushes Copilot

Zero Day

The defunct feature used to let users search for definitions and online articles about highlighted words and phrases.

111
111
article thumbnail

How Interlock Ransomware Infects Healthcare Organizations

The Hacker News

Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.

article thumbnail

The Windows January updates are a mess - here's why you should wait to install

Zero Day

Some of the issues affect both Windows 10 and 11, as Microsoft continues to struggle with updates that do more harm than good.

104
104
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CVE-2024-56614 & CVE-2024-56615: PoC Exploits Released for Severe eBPF Vulnerabilities in Linux Kernel

Penetration Testing

Two new vulnerabilities have been uncovered in the Linux kernels eBPF (Extended Berkeley Packet Filter) framework, specifically affecting The post CVE-2024-56614 & CVE-2024-56615: PoC Exploits Released for Severe eBPF Vulnerabilities in Linux Kernel appeared first on Cybersecurity News.

article thumbnail

Just installed iOS 18.3? I'd change these 3 settings first for the best experience

Zero Day

The latest iOS 18.3 update brings some notable changes to the iPhone's AI and camera features. Here's the rundown - and how to modify them.

98
article thumbnail

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

The Hacker News

Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week.

article thumbnail

With Wine 10 update, run your Windows app on Linux better than ever

Zero Day

The latest version of Wine features better graphics and videos. Gamers will be especially pleased.

93
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts

The Hacker News

Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity.

article thumbnail

How I changed my default apps in MacOS - and you can too, in seconds

Zero Day

It's so easy, you'll wonder why you didn't do it sooner.

90
article thumbnail

Password Management at Risk: Vaultwarden Vulnerabilities Expose Millions

Penetration Testing

A series of critical vulnerabilities have been discovered in Vaultwarden, a popular open-source alternative to the Bitwarden password The post Password Management at Risk: Vaultwarden Vulnerabilities Expose Millions appeared first on Cybersecurity News.

article thumbnail

I put GitHub Copilot's AI to the test - and it just might be terrible at writing code

Zero Day

It could have done better. But it also could have done worse.

90
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response

Trend Micro

The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform's release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon.

Malware 87
article thumbnail

A popular airline just became the first to accept Venmo for payment

Zero Day

Paying for a group trip? Just Venmo the airline.

88
article thumbnail

WhatsApp Phishing Campaign Targets SBI Bank Users with Malicious App

Penetration Testing

Cybercriminals are once again exploiting social engineering tactics to trick unsuspecting users into installing malicious Android applications. A The post WhatsApp Phishing Campaign Targets SBI Bank Users with Malicious App appeared first on Cybersecurity News.

Banking 83
article thumbnail

The best PDF editors in 2025: Expert tested

Zero Day

PDF editors are crucial tools for businesses today and come in handy for consumers, too. We've rounded up the best PDF editors for various needs.

87
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

CVE-2024-12647 (CVSS 9.8): Canon Printers at Risk of Remote Code Execution

Penetration Testing

Canon has issued a critical security advisory warning customers of multiple buffer overflow vulnerabilities affecting its Laser Printers The post CVE-2024-12647 (CVSS 9.8): Canon Printers at Risk of Remote Code Execution appeared first on Cybersecurity News.

Risk 82
article thumbnail

The Pebble smartwatch is set to return with these major upgrades - and I can't wait

Zero Day

It's been a decade since Pebble watches were available, but the enthusiast community lives on, and its CEO plans to revive the hardware with Google's support.

83
article thumbnail

Aquabot variant v3 targets Mitel SIP phones

Security Affairs

A new variant of the Mirai-based botnet Aquabot targets vulnerable Mitel SIP phones to recruit them into a DDoS botnet. Akamai researchers spotted a new variant of the Mirai -based botnet Aquabot that is targeting vulnerable Mitel SIP phones. Aquabot is a Mirai-based botnet designed for DDoS attacks. Named after the Aqua filename, it was first reported in November 2023.

DDOS 67
article thumbnail

The best video doorbells of 2025: Expert tested

Zero Day

Whether you're looking for a video doorbell without a subscription or one to work seamlessly with your smart home setup, ZDNET tested the best video doorbells.

81
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The Trial at the Tip of the Terrorgram Iceberg

WIRED Threat Level

Atomwaffen Division cofounder and alleged Terrorgram Collective member Brandon Russell is facing a potential life sentence for an alleged plot on a Baltimore electrical station. His case is only the beginning.

76
article thumbnail

T-Mobile customers can get a new Galaxy S25 series phone for free. How to qualify

Zero Day

Samsung just released its flagship line of Galaxy S25 smartphones, and you can already score big savings on several plans at T-Mobile.

Mobile 79
article thumbnail

ABB Advisory Warns of CVE-2024-48841: RCE Threat with CVSS 10.0 Severity

Penetration Testing

ABB has released a cybersecurity advisory addressing multiple critical vulnerabilities in its FLXeon controllers. These vulnerabilities, tracked as The post ABB Advisory Warns of CVE-2024-48841: RCE Threat with CVSS 10.0 Severity appeared first on Cybersecurity News.

article thumbnail

Should you buy an Echo Show 8? I tested the smart speaker and give it a resounding yes

Zero Day

Amazon's third-generation Echo Show features faster speeds and an ambient display to streamline your smart home experience.

79
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.