Category: SecurityNews
-
MacSync Stealer Malware Targets macOS Users Through Digitally Signed Apps
Jamf Threat Labs has uncovered a new MacSync Stealer campaign that significantly raises the bar for macOS malware delivery by abusing Apple’s own trust mechanisms. The latest variant is delivered as a fully code”‘signed and notarized Swift application, allowing it to masquerade as legitimate software while executing a stealthy, multi”‘stage infostealing routine in the background.…
-
Fake VPN Chrome Extensions Steal Credentials by Intercepting User Traffic
Socket’s Threat Research Team has exposed a sophisticated credential-harvesting campaign that has operated through malicious Chrome extensions since 2017. Two variants of an extension named Phantom Shuttle (幻影穿æ¢), published under the threat actor email theknewone.com@gmail.com, have compromised over 2,180 users by masquerading as legitimate network testing tools while executing complete traffic interception and credential theft. The extensions market…
-
PoC Exploit Released for Critical n8n RCE Vulnerability
Security researchers have confirmed the release of proof-of-concept (PoC) exploit code for CVE-2025-68613, a critical remote code execution flaw affecting n8n workflow automation platform. The vulnerability carries a maximum CVSS score of 10.0 and impacts versions from v0.211.0 through v1.120.3. n8n is widely deployed in enterprise environments where it automates critical workflows and integrates with…
-
How to confidently manage secrets in an AI-driven environment
Why Is Non-Human Identity Management Crucial in AI-Driven Environments? How do organizations ensure confident security for their AI-driven systems? With the surge in AI applications and cloud-based solutions, Non-Human Identities (NHIs) have become vital to maintaining secure operations. The task of managing secrets within these environments presents a complex challenge, but it also offers substantial……
-
How does NHIDR foster innovation in data security
How Are Non-Human Identities Transforming Data Security? What if the key to revolutionizing data security lies in machine identities rather than human vigilance? Non-Human Identities (NHIs) are reshaping cybersecurity by addressing the disconnect between security and R&D teams. More than just a technological concept, NHIs bring innovative approaches to a field that is increasingly turning……
-
Malicious NPM Package Hits 56K Downloads, Steals WhatsApp Messages
A sophisticated malware campaign has compromised the npm registry through a malicious package that perfectly mimics legitimate WhatsApp API functionality while silently exfiltrating authentication credentials, messages, contacts, and media files from unsuspecting developers. The lotusbail package, addressed over 56,000 times during its six-month presence on npm, represents a dangerous evolution in supply chain attacks where…
-
What tools empower secure AI operation
How Essential is Non-Human Identity Management in Today’s Cybersecurity Landscape? Non-Human Identities (NHIs) are increasingly becoming pivotal. How effectively are organizations managing these machine identities to ensure secure AI operation? This question echoes in the boardrooms of financial services, healthcare, travel industries, and many more. The management of NHIs and their secrets is a linchpin……
-
Ransomware Attack Hits Romanian Waters Authority, Compromising 1,000+ IT Systems
Romania’s critical water infrastructure faced a significant cyber threat when the National Administration >>Romanian Waters
-
What tools empower secure AI operation
How Essential is Non-Human Identity Management in Today’s Cybersecurity Landscape? Non-Human Identities (NHIs) are increasingly becoming pivotal. How effectively are organizations managing these machine identities to ensure secure AI operation? This question echoes in the boardrooms of financial services, healthcare, travel industries, and many more. The management of NHIs and their secrets is a linchpin……
-
Top Ransomware Trends of 2025
Tags: ransomwareInfosecurity has selected some of the key ransomware statistics for 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/top-ransomware-trends-of-2025/
-
Can cyber attacks impact machine identities effectively
Are Your Machine Identities Safe from Cyber Attacks? Where digital footprints are rapidly expanding, the role of machine identities in cybersecurity has become increasingly significant. Machine identities, also known as non-human identities (NHIs), are essential to maintaining security across various systems and networks. These identities, however, are not immune to cyber attacks, leaving organizations vulnerable……
-
2026: Bringing Cyber Resiliency to Organizations
4 Surprising Truths from Verizon’s 2025 Data Breach Report That Change Everything The annual release of the Verizon Data Breach Investigations Report (DBIR) is a major event in the cybersecurity calendar. For security professionals and business leaders, it’s the definitive source for understanding the threat landscape, packed with data-driven insights compiled from thousands of real-world incidents. Each year, it……
-
WhatsApp API worked exactly as promised, and stole everything
Tags: access, api, attack, backdoor, encryption, endpoint, github, malicious, malware, metric, monitoring, supply-chain, threat, tool, updateBackdoor sticks around even after package removal: Koi said the most significant component of the attack was its persistence. WhatsApp allows users to link multiple devices to a single account through a pairing process involving an 8-character code. The malicious lotusbail package hijacked this mechanism by embedding a hardcoded pairing code that effectively added the…
-
How to determine if agentic AI browsers are safe enough for your enterprise
Automation is transforming web browsing, enabling AI agents to perform tasks once handled by humans. Yet with greater convenience comes a complex security landscape that enterprises can’t afford to ignore. First seen on cyberscoop.com Jump to article: cyberscoop.com/agentic-ai-browsers-security-enterprise-risk/
-
Passwd: A walkthrough of the Google Workspace Password Manager
Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure credential storage, controlled sharing, and seamless Workspace integration. The platform emphasizes practicality over feature overload, aiming to provide a reliable system for teams that already rely First seen on…
-
INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty
A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa.The coordinated effort, named Operation Sentinel, took place between October 27 and November 27, 2025, and mainly focused on business email…
-
Forscher warnen: Kritische n8n-Lücke betrifft über 17.000 deutsche Server
Eine Sicherheitslücke lässt Angreifer n8n-Instanzen kapern und Schadcode einschleusen. Besonders viele anfällige Systeme gibt es in Deutschland. First seen on golem.de Jump to article: www.golem.de/news/forscher-warnen-kritische-n8n-luecke-betrifft-ueber-17-000-deutsche-server-2512-203557.html
-
Italy fines Apple $116 million over App Store privacy policy issues
Italy’s competition authority (AGCM) has fined Apple Euro98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
-
Italy fines Apple $116 million over App Store privacy policy issues
Italy’s competition authority (AGCM) has fined Apple Euro98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
-
Italy fines Apple $116 million over App Store privacy policy issues
Italy’s competition authority (AGCM) has fined Apple Euro98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
-
Nissan: Thousands Impacted By Red Hat Breach
Nissan has revealed that over 20,000 customers have had personal information compromised in a third-party data breach First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nissan-thousands-impacted-by-red/
-
Das Internet im Würgegriff – Network Blocking: Wie Netzsperren das Web kaputtmachen
First seen on security-insider.de Jump to article: www.security-insider.de/network-blocking-wie-netzsperren-das-web-kaputtmachen-a-b4aec351dde7fbe6764db786f792dbdd/
-
Japan Adopts New Cybersecurity Strategy to Counter Rising Cyber Threats
The Japanese government has formally adopted a new cybersecurity strategy that will guide national policy over the next five years. The decision was approved at a cabinet meeting on Tuesday and aims at strengthening Japanese cybersecurity coordination across civilian, law enforcement, and defense institutions. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/japan-cybersecurity-strategy-five-year-plan/
-
Why Third-Party Access Remains the Weak Link in Supply Chain Security
Attackers exploited a supply chain weakness, abusing trusted components to compromise systems and spread malicious activity across connected targets. Your next breach probably won’t start inside your network”, it will start with someone you trust. Every supplier, contractor, and service provider needs access to your systems to keep business running, yet each login is a…
-
Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape
Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how “Anna’s Archive” bypassed security, and why experts warn against downloading the leaked files. First seen on hackread.com Jump to article: hackread.com/annas-archive-pirate-spotify-songs-data-scrape/
-
Top 10 ANZ stories of 2025
The 2025 tech landscape in Australia and New Zealand was dotted with major data breaches even as organisations continue to press on with their digital transformation efforts in areas such as AI and automation First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636080/Top-10-ANZ-stories-of-2025
-
Top 10 ANZ stories of 2025
The 2025 tech landscape in Australia and New Zealand was dotted with major data breaches even as organisations continue to press on with their digital transformation efforts in areas such as AI and automation First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636080/Top-10-ANZ-stories-of-2025