In our previous article we dissected penetration testing techniques for IBM z/OS mainframes protected by the Resource Access Control Facility (RACF) security package. In this second part of our research, we delve deeper into RACF by examining its decision-making logic, database structure, and the interactions between the various entities inRead More »Approach to mainframe penetration testing on z/OS. Deep dive into RACF
Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since July 2024. “The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract,”Read More »Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is as follows – CVE-2014-3931 (CVSS score: 9.8) – A buffer overflow vulnerability in Multi-Router Looking GlassRead More »CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
CVE-2025-6554 and three other Chromium vulnerabilities could allow attackers to execute code and corrupt memory remotely. The post Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization (SEO) poisoning techniques to deliver a known malware loader called Oyster (aka Broomstick or CleanUpLoader). The malvertising activity, per Arctic Wolf, promotes fake websites hosting trojanized versions of legitimate tools like PuTTY and WinSCP, aiming to trick softwareRead More »SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools
The notorious Hive successor ceases ransomware operations but pivots to pure data extortion under the new World Leaks brand. The post Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks appeared first on SecurityWeek.
The IT products and services giant did not say how the intrusion occurred or whether any data was stolen from its systems. The post Ingram Micro Scrambling to Restore Systems After Ransomware Attack appeared first on SecurityWeek.
Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms—they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection—that’s all itRead More »⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More
Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan’s Waseda University, South Korea’s KAIST, China’s Peking University and the National University of Singapore, as well as the University of Washington and ColumbiaRead More »Hiding Prompt Injections in Academic Papers
If you didn’t hear about Iranian hackers breaching US water facilities, it’s because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn’t its scale, but how easily the hackers gained access — by simply using the manufacturer’s default password “1111.” This narrowRead More »Manufacturing Security: Why Default Passwords Must Go
