infosecintel – Page 87 – Curated Information Security Articles and Threat Intelligence News

New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus

September 24, 2025

Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share “significant” source code overlaps with IcedID and Latrodectus. “The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and IcedID during attacks,” Zscaler ThreatLabzRead More »New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus

US Disrupts Massive Cell Phone Array in New York

September 24, 2025

This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM serversRead More »US Disrupts Massive Cell Phone Array in New York

iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks

September 24, 2025

Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them. Download the complete iframe security guide here. TL;DR: iframe Security Exposed Payment iframes areRead More »iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks

GitHub Boosting Security in Response to NPM Supply Chain Attacks

September 24, 2025

GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing. The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.

Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps

September 24, 2025

The attack was aimed at a European network infrastructure company and it has been linked to the Aisuru botnet. The post Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps appeared first on SecurityWeek.

SonicWall Updates SMA 100 Appliances to Remove Overstep Malware

September 24, 2025

The software update includes additional file checks and helps users remove the known rootkit deployed in a recent campaign. The post SonicWall Updates SMA 100 Appliances to Remove Overstep Malware appeared first on SecurityWeek.

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers

September 24, 2025

Tracked as CVE-2025-59689, the command injection bug could be triggered via malicious emails containing crafted compressed attachments. The post Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers appeared first on SecurityWeek.

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

September 24, 2025

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a caseRead More »Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

September 24, 2025

Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity. “Libraesva ESG is affected by a command injection flawRead More »State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack

September 23, 2025

JLR extended the pause in production “to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.” The post Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack appeared first on SecurityWeek.

« Previous
1
…
85
86
87
88
89
…
297
Next »