Security Affairs

APRIL 23, 2025

“Alpine Quest is topographic software that allows different maps to be used both in online and offline mode. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Android spyware) ” reads the report published by Doctor Web.

Spyware 80

Spyware Software Malware Hacking 80

Security Affairs

FEBRUARY 25, 2025

Russia’s NKTsKI warns financial sector organizations about a breach at major Russian IT service and software provider LANIT. According to the security breach notification published by GosSOPKA, the attack occurred on February 21, 2025. ” reads the security breach notification published by GosSOPKA. ” said U.S.

Telecommunications 99

Telecommunications Software Technology Healthcare 99

Security Affairs

JANUARY 28, 2025

Threat actors exploit recently fixed SimpleHelp RMM software vulnerabilities to breach targeted networks, experts warn. “On 22 January 2025, Arctic Wolf began observing a campaign involving unauthorised access to devices running SimpleHelp RMM software as an initial access vector. ” reads the report published by Artic Wolf.

Software 67

Software Passwords Accountability Encryption 67

Security Affairs

OCTOBER 22, 2024

VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. vCenter Server is a critical component in VMware virtualization and cloud computing software suite.

Hacking 139

Hacking Government Software Information Security 139

Security Affairs

NOVEMBER 15, 2024

“Ilya Lichtenstein was sentenced today to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex, a global cryptocurrency exchange.” Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.

Cryptocurrency 104

Cryptocurrency Hacking Government Accountability 104

Security Affairs

OCTOBER 11, 2024

.” The Internet Archive is an American nonprofit digital library website that provides free access to collections of digitized materials including websites, software applications, music, audiovisual, and print materials. Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

Data breaches 119

Data breaches Internet Internet DDOS 119

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. from fake websites (phishing sites) disguised as websites of real securities companies.” Keeping devices updated and using reliable antivirus software also helps prevent malware-related data theft.

Financial Services 117

Financial Services Passwords Accountability Antivirus 117

Security Affairs

MARCH 30, 2025

This week, Cl0p ransomware group listed Sams Club among the victims of its December Cleo software exploit , accusing it of ignoring security. “We are aware of reports regarding a potential security incident and are actively investigating the matter,” a company spokesperson told BleepingComputer.

Ransomware 113

Ransomware Data breaches Software Hacking 113

Security Affairs

DECEMBER 3, 2024

The vulnerability resides in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software, an unauthenticated, remote attacker could exploit the flaw to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA. ” reads the advisory.

Software 117

Software Hacking Information Security 117

Security Affairs

DECEMBER 3, 2024

According to rumors, the Polish special services are using surveillance software to spy on government opponents. The news of the hack was reported by the Gazeta Wyborcza daily, and unfortunately, it isn’t the first time that the Pegasus spyware was used in the country.

Spyware 116

Spyware Government Surveillance Hacking 116

Security Affairs

OCTOBER 29, 2024

The two infostealers allowed operators to harvest usernames, passwords, contact info, and crypto-wallets from victims, the threat actors sold this data to criminals for financial theft and hacking. Update software : Keep your operating system, security software, and firewall up to date to patch vulnerabilities.

Identity Theft 122

Identity Theft Passwords Malware Banking 122

Security Affairs

APRIL 26, 2025

Security footage reportedly shows the man attempting to access multiple offices before installing malicious software designed to capture screenshots every 20 minutes and transmit them to an external IP address. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, malware )

Malware 145

Malware Cybersecurity Healthcare Media 145

Security Affairs

JANUARY 22, 2025

A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the Web (MotW) Windows security feature. Attackers can exploit a vulnerability, tracked as CVE-2025-0411 , in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature.

Software 123

Software Internet Internet Hacking 123

Security Affairs

APRIL 1, 2025

Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825 , in the CrushFTP file transfer software. The file transfer software maker CrushFTP urge customers to take immediate action to address the vulnerability. The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0,

Authentication 115

Authentication Software Ransomware Hacking 115

Security Affairs

OCTOBER 23, 2024

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds.

Hacking 112

Hacking Risk Cybersecurity Government 112

Security Affairs

APRIL 25, 2025

The campaign has been active since at least November 2024, Lazarus Group is targeting South Korean organizations using watering hole tactics and exploiting software vulnerabilities. The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE.

Malware 91

Malware Software Encryption Hacking 91

Security Affairs

FEBRUARY 20, 2025

Cloud Software Group recommends configuring external authentication for NetScaler Console as a best practice.” ” Cloud Software Group addressed the flaw with the release of the following versions: NetScaler Console 14.1-38.53 ” reads the advisory published by Netscaler. and later releases NetScaler Console 13.1-56.18

Authentication 116

Authentication Software Hacking Information Security 116

Security Affairs

OCTOBER 19, 2024

The most severe flaw included in the September 2024 security bulletin is the critical, remote code execution (RCE) vulnerability CVE-2024-40711 (CVSS v3.1 Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam. Some of these VPNs were running unsupported software versions.”

Backups 127

Backups VPN Ransomware Authentication 127

Security Affairs

APRIL 8, 2025

Security flaws in the platform have previously been leveraged in real incidents, allowing attackers to infiltrate systems, harvest confidential details, or deploy harmful software. The hacking campaign targeted 90 users and was disrupted in December, WhatsApp immediately alerted targeted users of a possible compromise of their devices.

Spyware 113

Spyware Media Surveillance Hacking 113

Krebs on Security

APRIL 20, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report.

Malware 326

Malware Software Technology Accountability 326

Security Affairs

OCTOBER 21, 2024

It provides a range of development resources, including SDKs (Software Development Kits), documentation, sample code, and learning materials for networking, security, and cloud infrastructure. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, data breach)

Cybercrime 129

Cybercrime Data breaches Technology Banking 129

Security Affairs

JANUARY 21, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber scams involving threat actors impersonating the agency by sending fraudulent AnyDesk connection requests under the guise of security audits. CERT-UA pointed out that it uses the software AnyDesk in some cases, but only with prior approval via official channels.

Social Engineering 108

Social Engineering Scams Engineering Software 108

Security Affairs

AUGUST 29, 2024

Cisco addressed multiple vulnerabilities impacting NX-OS software, including a high-severity flaw in the DHCPv6 relay agent. Cisco released security updates for NX-OS software that address multiple vulnerabilities. The most severe of the vulnerabilities fixed by the IT giant is a high-severity issue tracked as CVE-2024-20446.

Software 123

Software Hacking Risk Information Security 123

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. said Gil Lanier, vice president of global communications for the Israeli firm.

Spyware 107

Spyware Surveillance Software Hacking 107

Security Affairs

DECEMBER 27, 2024

Palo Alto Networks addressed a high-severity flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), in PAN-OS software that could cause a denial-of-service (DoS) condition. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,PAN-OS) ” reads the advisory.

DNS 111

DNS Firewall Spyware Software 111

Security Affairs

APRIL 6, 2025

The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack. The incident has raised serious concerns about the security of Oracles cloud infrastructure and the potential implications for affected customers. . “Oracle Corp.

Data breaches 123

Data breaches Encryption Hacking Passwords 123

Security Affairs

OCTOBER 11, 2024

Rather than using advanced hacking techniques, they exploited systems with default credentials to compromise target networks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, OpenAI)

Malware 134

Malware Social Engineering Engineering Hacking 134

Security Affairs

MARCH 24, 2025

The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device.

Malware 114

Malware Scams Identity Theft Antivirus 114

Security Affairs

MARCH 4, 2024

The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense claims that it hacked the Russian Ministry of Defense. software used by the Russian Ministry of Defense to encrypt and protect its data. software used by the Russian Ministry of Defense to encrypt and protect its data.

Hacking 139

Hacking Data breaches Encryption Government 139

Security Affairs

JANUARY 21, 2025

The experts used a diagnostic software to analyze the vehicle architecture, scan the Electronic Control Unit (ECU), identify its version, and test diagnostic functions. The research combined hardware interfaces and software to communicate with the vehicle via Diagnostic Over Internet Protocol (DoIP).

Software 130

Software Architecture Media Engineering 130

Security Affairs

APRIL 29, 2025

“This jumped to 44% in 2024, primarily fueled by the increased exploitation of security and networking software and appliances.” ” In 2024, over 60% of zero-day exploits targeting enterprise tech hit security and networking tools, offering attackers efficient access to systems and networks.

Surveillance 107

Surveillance Mobile Software Hacking 107

Security Affairs

SEPTEMBER 29, 2024

Progress Software addresses six new security vulnerabilities affecting its WhatsUp Gold, two of them are rated as critical severity. Progress Software has addressed six new security vulnerabilities in its IT infrastructure monitoring product WhatsUp Gold.

Software 120

Software Encryption Passwords Hacking 120

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups.

Ransomware 116

Ransomware Software Cybercrime Encryption 116

Security Affairs

APRIL 2, 2025

The Triada Trojan makes use of the Zygote parent process to implement its code in the context of all software on the device, this means that the threat is able to run in each application. The experts who investigated the issue discovered that a software developer from Shanghai was responsible for the infection.

Malware 118

Malware Cryptocurrency Mobile Firmware 118

Security Affairs

FEBRUARY 13, 2025

. “The builds containing the suspected malware have been removed from Steam, but we strongly encourage you to run a full-system scan using an anti-virus product that you trust or use regularly, and inspect your system for unexpected or newly installed software. Valve have removed the game two days ago.

Malware 107

Malware Antivirus Accountability Software 107

Security Affairs

JANUARY 28, 2025

.” VMware Avi Load Balancer, formerly known as Avi Vantage, is a next-generation application delivery controller (ADC) that provides advanced load balancing, application analytics, and security for modern multi-cloud environments. with security patches now available. The vulnerability affects Avi Load Balancer versions 30.1.1,

Risk 115

Risk Hacking Software Information Security 115

Security Affairs

JANUARY 17, 2025

ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism in UEFI systems. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. SANFONG Inc.,

Firmware 106

Firmware Technology Software Manufacturing 106