Swedish Truck Giant Scania Investigating Hack
A hacker is selling allegedly valuable data stolen from Scania, but the truck maker believes impact is very limited. The post Swedish Truck Giant Scania Investigating Hack appeared first on SecurityWeek.
Meta Adds Passkey Login Support to Facebook for Android and iOS Users
Meta Platforms on Wednesday announced that it’s adding support for passkeys, the next-generation password standard, on Facebook. “Passkeys are a new way to verify your identity and login to your account that’s easier and more secure than traditional passwords,” the tech giant said in a post. Support for passkeys isRead More »Meta Adds Passkey Login Support to Facebook for Android and iOS Users
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions. The vulnerabilities, discovered by Qualys, are listed below – CVE-2025-6018 – LPE from unprivileged to allow_active in SUSE 15’s Pluggable Authentication Modules (PAM) CVE-2025-6019 – LPERead More »New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
An Investigation of AWS Credential Exposure via Overprivileged Containers
Overprivileged or misconfigured containers in Amazon EKS can expose sensitive AWS credentials to threats like packet sniffing and API spoofing, highlighting the need for least privilege and proactive security to detect and reduce these risks.
Russian Hackers Bypass Gmail MFA with App Specific Password Ruse
Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords. The post Russian Hackers Bypass Gmail MFA with App Specific Password Ruse appeared first on SecurityWeek.
Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection
Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects. The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek.
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix. It leverages “the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain ofRead More »New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
Ghostwriting Scam
The variations seem to be endless. Here’s a fake ghostwriting scam that seems to be making boatloads of money. This is a big story about scams being run from Texas and Pakistan estimated to run into tens if not hundreds of millions of dollars, viciously defrauding Americans with false hopesRead More »Ghostwriting Scam
1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub
A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called Stargazers Ghost Network. “The campaigns resulted in a multi-stage attack chain targeting Minecraft users specifically,” Check Point researchers Jaromír Hořejší and Antonis Terefos said in a report shared with TheRead More »1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub
Critical Vulnerability Patched in Citrix NetScaler
Citrix has released patches for critical- and high-severity vulnerabilities in NetScaler and Secure Access Client and Workspace for Windows. The post Critical Vulnerability Patched in Citrix NetScaler appeared first on SecurityWeek.