Hacking News

Guardian

7d

Co-op cyber-attack: stock availability in stores ‘will not improve until weekend’

  • Co-op stores continue to struggle with stock availability after a cyber-attack, recovery expected by the weekend.
  • Shoppers facing empty shelves, especially in rural areas; Co-op working with suppliers to restock stores with essential items.
  • Hackers accessed customer data from Co-op systems, no financial information compromised.
  • M&S also affected by cyber-attack, facing possible significant fines and loss of sales; expected to claim up to £100m from cyber insurers.

Hackingblogs

7d

macOS Malware Alert: Python-Based Infostealer Bundled via PyInstaller

  • Researchers at Jamf Threat Labs discovered macOS malware that uses PyInstaller to distribute an infostealer designed to steal confidential data.
  • The malware prompts users for their password through an AppleScript dialog and communicates with suspicious domains, such as 'connect'-patterned sites.
  • PyInstaller is a tool for converting Python scripts into standalone executables that include all necessary components without requiring Python installation.
  • Static analysis revealed ad-hoc signing, support for both Intel and Apple Silicon Macs, and the use of PyInstaller in the malware file.
  • Dynamic analysis using Mac Monitor exposed malicious activities like password prompts, volume reduction, Python script unpacking, and private information gathering.
  • The malware's capabilities include password theft, AppleScript execution, Keychain credential extraction, and cryptocurrency wallet information theft.
  • Attackers are increasingly using PyInstaller to cloak malware, as evidenced by the growing prevalence of infostealers on macOS.
  • Indicators of Compromise (IOCs) for the macOS malware include filenames like stl, stl-deobf.py, installer, and sosorry, along with contacted domains.

Securityaffairs

7d

Fortinet fixed actively exploited FortiVoice zero-day

  • Fortinet has fixed a critical remote code execution zero-day vulnerability, CVE-2025-32756, actively exploited in attacks targeting FortiVoice enterprise phone systems.
  • The vulnerability affects FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera, allowing remote unauthenticated attackers to execute arbitrary code via malicious HTTP requests.
  • Threat actors exploiting the flaw scanned networks, erased crash logs, and deployed malware on compromised servers. They also added credential-stealing cron jobs and used scripts to scan victim networks.
  • Fortinet recommends disabling the HTTP/HTTPS administrative interface as a workaround. Indicators of the attacks include several attacker IP addresses and the 'fcgi debugging' setting being enabled on compromised systems.

Idownloadblog

1w

Lars Fröder, developer of Dopamine jailbreak, shares full video presentation from Nullcon Goa 2025 in March

  • Lars Fröder, developer of Dopamine jailbreak, shared his full video presentation from Nullcon Goa 2025 in March.
  • The presentation discussed the state of jailbreaking in 2025, including details about Dopamine, TrollStore, and challenges in jailbreak development.
  • Fröder highlighted the reasons why people jailbreak their devices today, explained how TrollStore works, and discussed the challenges faced in jailbreak development.
  • Fröder expressed skepticism about the future of jailbreaking on modern iOS devices due to Apple's security measures, making it tough to develop exploits.

Arstechnica

1w

Google introduces Advanced Protection mode for its most at-risk Android users

  • Google introduces Advanced Protection mode for Android to enhance security against attacks that infect devices, tap calls, and deliver scams.
  • It will be rolled out in the upcoming release of Android 16 to help defend against mercenary malware and exploit sellers.
  • The setting aims to combat attacks-as-a-service platforms that exploit zero-day vulnerabilities and capture sensitive information.
  • Google recommends the Advanced Protection mode for high-risk users like journalists and elected officials.

Securityaffairs

1w

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

  • Interlock Ransomware attack on a defense contractor exposed global defense supply chain details, risking operations of top contractors and their clients.
  • Interlock Ransomware uncovered supply chain details of top defense contractors globally, leading to potential exposure of classified information and interest from foreign intelligence agencies and espionage groups.
  • Numerous documents related to global defense corporations were found in the leaked dataset released by Interlock Ransomware.
  • Ransomware attacks on defense contractors can have profound implications for national security, operational efficiency, financial stability, trust, and brand reputation, highlighting the need for robust cybersecurity measures and CMMC implementation.

Securityaffairs

1w

Marks and Spencer confirms data breach after April cyber attack

  • Marks and Spencer confirms data breach after April cyber attack, where threat actors stole customer data.
  • The cyber incident led to temporary changes in store operations and affected card payments, gift cards, and Click and Collect service.
  • The stolen data includes customer contact details, birthdate, order history, and masked card details, but not full payment info.
  • M&S recommends caution against phishing attempts, resetting passwords, and staying updated on security practices post-breach.

Silicon

1w

Marks & Spencer Warns Customers Over Data Theft

  • Marks & Spencer informed online customers of data theft during a cyber-attack on 25 April.
  • The stolen data included contact details, dates of birth, and online order history.
  • No card details, payment information, or account passwords were compromised.
  • Customers are advised to change passwords as a precaution, and M&S is working on resolving the issue.

Hackingblogs

1w

VMware Tools CVE-2025-22247 Vulnerability Lets Hackers Tamper with Virtual Machines: Patch Now

  • VMware Tools CVE-2025-22247 Vulnerability affects VMware Tools software, allowing hackers to tamper with files inside guest VMs.
  • The vulnerability impacts Windows and Linux virtual machines, but not macOS computers.
  • The issue arises from the way VMware Tools processes local files within guest virtual machines.
  • A patch (VMware Tools version 12.5.2) is available to address the vulnerability and organizations using VMware-based servers are advised to apply it for protection.

Securityaffairs

1w

Moldovan Police arrested a 45-year-old foreign man participating in ransomware attacks on Dutch companies

  • A 45-year-old foreign man was arrested in Moldova for participating in ransomware attacks on Dutch companies in 2021.
  • The arrest was a result of a joint international operation involving Moldovan and Dutch authorities, with the suspect wanted for cybercrimes including ransomware attacks and money laundering.
  • The suspect was linked to a ransomware attack on the Netherlands Organization for Scientific Research, resulting in €4.5 million in damages, attributed to the DoppelPaymer ransomware operation.
  • In a related development, Europol announced an international operation targeting key members of the DoppelPaymer ransomware group in March 2023.

Securityaffairs

1w

APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq

  • A Türkiye-linked group, Marbled Dust, exploited a zero-day vulnerability in Output Messenger (CVE-2025-27920) to spy on Kurdish military targets in Iraq since April 2024.
  • Marbled Dust, active since 2017, primarily targets organizations in Europe and the Middle East, with a history of using DNS hijacking in campaigns.
  • The group targeted various entities, including government entities, Kurdish political groups, telecommunication, ISPs, NGO, and Media & Entertainment sectors.
  • The exploit allowed the group to upload malicious files, gain access to user communications, steal data, compromise credentials, and deploy backdoors for exfiltration.

Securelist

1w

Using a Mythic agent to optimize penetration testing

  • Researchers are using post-exploitation frameworks like Mythic to enhance penetration testing practices to stay ahead of threat actors.
  • A proactive approach in learning new technologies and techniques employed by threat actors is crucial for security professionals.
  • Kaspersky emphasizes detecting tools and techniques used by threat actors in real-world attacks for enhanced security.
  • Behavioral analysis, exploit prevention, and fileless threats protection are integral in countering sophisticated attacks.
  • Layered security solutions like EDR, NDR, and XDR are essential for quick detection and response to potential threats.
  • Pentesters face challenges due to the detectability of popular tools by security solutions.
  • Open-source pentesting frameworks like Sliver and Havoc have limitations in payload size and stability.
  • Balancing in-house solutions and open-source tools is crucial for effective pentesting.
  • Pentesting payloads are divided into modules to manage execution and maintain covert communications.
  • The Stage 1 module of the pentesting payload requires dynamic functionality, minimal system traces, and compliance with OPSEC principles.

TechDigest

1w

M&S admits customer data was stolen in cyber attack

  • Marks & Spencer has confirmed a cyber attack resulted in stolen customer data and disruptions to their operations.
  • The incident affected customers' personal information, prompting password resets, but no payment details were compromised.
  • The cyber attack led to online order halts, empty shelves, and a drop in M&S's share price.
  • M&S is taking measures to investigate the breach, improve security, and recover from the incident that impacted its supply chain.

Securityaffairs

1w

Apple released security updates to fix multiple flaws in iOS and macOS

  • Apple released urgent security updates for iOS and macOS to fix critical vulnerabilities that could be exploited by attackers.
  • The updates address flaws in AppleJPEG, CoreMedia, ImageIO, and WebKit components that could lead to memory corruption or unexpected crashes.
  • iOS 18.5 update resolved multiple critical flaws, including file-parsing issues in CoreAudio, CoreGraphics, and ImageIO.
  • Updates for macOS and other Apple devices were also released to address vulnerabilities in various components like mDNSResponder, Notes, FrontBoard, iCloud Document Sharing, and Mail Addressing.

Securityaffairs

1w

Researchers found one-click RCE in ASUS’s pre-installed software DriverHub

  • Two vulnerabilities were found in DriverHub, pre-installed on Asus motherboards, allowing remote code execution via crafted HTTP requests.
  • The vulnerabilities, CVE-2025-3462 and CVE-2025-3463, were discovered by security researcher 'MrBruh' and could be exploited by a remote attacker to gain arbitrary code execution.
  • The flaws in DriverHub stem from insufficient validation, enabling misuse of features such as accepting requests from unauthorized domains.
  • Asus released security updates on May 9 in response to MrBruh's report, as the researcher highlighted the potential for remote code execution through the flawed DriverHub.
