Google ukrywało szpiegowski oprogramowanie na własnych serwerach!
Google opóźniało zamknięcie operacji szpiegowskiej Catwatchful, która hostowała tajne oprogramowanie na własnych serwerach, monitorując tysiące telefonów. W międzyczasie na cyberprzestępczym forum Leak Zone wyciekły dane użytkowników, a firmy alarmują o rosnącej liczbie ataków łańcuchowych na open-source’owe pakiety. Nowe kampanie phishingowe i cyberespionage prowadzone przez grupy takie jak Patchwork czy Fire Ant ukazują skalę zagrożeń w globalnej cyberprzestrzeni, obejmując zarówno Turcję, Rosję, jak i Koreę Północną. Równocześnie badania wykazują, że AI wspomaga rozwój coraz bardziej wyrafinowanego malware, takiego jak Koske, które potrafi ukrywać się nawet w popularnych obrazach, czy CastleLoader rozprzestrzeniający się przez fałszywe repozytoria na GitHub. Eksperci alarmują także o lukach w infrastrukturalnych systemach bezpieczeństwa, takich jak niedawne krytyczne błędy w Mitel i SonicWall, które mogą pozwalać atakującym na pełny dostęp do krytycznych systemów komunikacyjnych i chmur.
Google zajęło miesiąc, aby zamknąć operację szpiegowskiego oprogramowania Catwatchful, które było hostowane na jego serwerach Google zawiesiło konto Firebase firmy Catwatchful po śledztwie TechCrunch. Operacja szpiegowska została złapana na korzystaniu z własnych serwerów Google do hostowania i uruchamiania aplikacji do nadzoru, która potajemnie monitorowała telefony tysięcy ludzi.
Forum cyberprzestępczości Leak Zone publicznie ujawniło adresy IP swoich użytkowników Ekskluzywnie: popularne forum „wycieków i łamania zabezpieczeń” pozostawiło jedną ze swoich baz danych dostępnych w internecie bez hasła, ujawniając adresy IP logujących się użytkowników.
AI i fałszywe raporty nadchodzą do twoich programów bug bounty „Otrzymujemy dużo materiału, który wygląda jak złoto, ale w rzeczywistości jest tylko szajsem,” powiedział założyciel jednej firmy zajmującej się testami bezpieczeństwa. Raporty o lukach generowane przez AI już wpływają na poszukiwania błędów, na lepsze i gorsze.
Ataki łańcuchów dostaw na oprogramowanie open source wymykają się spod kontroli
Ataki dotknęły pakietów, w tym jednego z około 2,8 miliona pobrań tygodniowo.
Hakerzy—masz nadzieję na defekt do Rosji? Nie Google „defecting to Russia.”
Kryminaliści, którzy zostają złapani, niekoniecznie są świetni w opsec.
Chatbot od Meta AI pozwalał na dostęp do prywatnych wiadomości i odpowiedzi wygenerowanych dla innych użytkowników
Incydent opisuje serwis TechCrunch, któremu Sandeep Hodkasia, założyciel firmy AppSecure zajmującej się testami bezpieczeństwa, przekazał informację o otrzymaniu 10 000 dolarów za zgłoszenie błędu 26 grudnia 2024 roku w ramach programu bug bounty. Meta wdrożyła poprawkę 24 stycznia 2025 r. i podobno nie wykryła dowodów na to, że luka została...
Artykuł Chatbot od Meta AI pozwalał na dostęp do prywatnych wiadomości i odpowiedzi wygenerowanych dla innych użytkowników pochodzi z serwisu Sekurak.
Szukamy admina do Securitum (Kraków!)
💼 tl;dr – szukamy Administratora IT z solidną znajomością sieci, bardzo dobrą znajomością Linuksa, w tym perfekcyjnie Debiana. Podejście i doświadczenie pracy w modelu security-first będzie krytyczne, zaś o znajomości sieci TCP/IP nawet nie wspominamy :) Praca tylko stacjonarnie w Krakowie. Start: sierpień lub wrzesień 2025. CV (PDF) wyślij na:...
Artykuł Szukamy admina do Securitum (Kraków!) pochodzi z serwisu Sekurak.
U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker scheme designed to generate illicit revenues for Pyongyang. The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and Kim Se Un, Jo
Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. "The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems," Arctic Wolf Labs said
Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901). "The campaign is aimed at targeting employees of Voronezh Aircraft Production Association (VASO), one
Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively. Soco404 "targets both Linux and Windows systems, deploying platform-specific malware," Wiz
Overcoming Risks from Chinese GenAI Tool Usage A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which sensitive data was uploaded to platforms hosted in China, raising concerns over compliance, data
Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. "An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if successfully exploited, could allow an unauthenticated attacker to conduct an authentication bypass attack
Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity, observed this year, is primarily designed Now to infiltrate organizations' VMware ESXi and vCenter environments as well as network appliances, Sygnia said in a new report published today. "The threat actor leveraged combinations of
CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs). The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub repositories opened under the names of legitimate applications, Swiss cybersecurity company PRODAFT said in
Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below -
CVE-2025-6704 (CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud,
Pentests once a year? Nope. It’s time to build an offensive SOC You wouldn’t run your blue team once a year, so why accept this substandard schedule for your offensive side? Your cybersecurity teams are under intense pressure to be proactive and to find your network’s weaknesses before adversaries do. But in many organizations, offensive security is still treated as a one-time event: an annual pentest, a quarterly red team engagement, maybe an audit sprint
China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama's 90th birthday on July 6, 2025. The multi-stage attacks have been codenamed Operation GhostChat and Operation PhantomPrayers by Zscaler ThreatLabz. "The attackers compromised a legitimate website, redirecting users via a malicious link and
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, said the findings are based on an "expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603." The threat actor attributed to the financially
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a notorious Russian-speaking cybercrime platform. The arrest, which took place in Kyiv, Ukraine, on July 222, 2025, was led by the French Police and Paris Prosecutor, in collaboration with Ukrainian authorities and Europol. The action is the result of an investigation that was launched by the
Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the "wp-content/mu-plugins"
ToolShell: An all-you-can-eat buffet for threat actors ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities
Rogue CAPTCHAs: Look out for phony verification pages spreading malware Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware
In Other News: $30k Google Cloud Build Flaw, Louis Vuitton Breach Update, Attack Surface Growth Noteworthy stories that might have slipped under the radar: Google Cloud Build vulnerability earns researcher big bounty, more countries hit by Louis Vuitton data breach, organizations’ attack surface is increasing. The post In Other News: $30k Google Cloud Build Flaw, Louis Vuitton Breach Update, Attack Surface Growth appeared first on SecurityWeek.
Mitel Patches Critical Flaw in Enterprise Communication Platform An authentication bypass vulnerability in Mitel MiVoice MX-ONE could allow attackers to access user or admin accounts on the system. The post Mitel Patches Critical Flaw in Enterprise Communication Platform appeared first on SecurityWeek.
Sophisticated Koske Linux Malware Developed With AI Aid The Koske Linux malware shows how cybercriminals can use AI for payload development, persistence, and adaptivity. The post Sophisticated Koske Linux Malware Developed With AI Aid appeared first on SecurityWeek.
UK Student Sentenced to Prison for Selling Phishing Kits Ollie Holman was sentenced to prison for selling over 1,000 phishing kits that caused estimated losses of over $134 million. The post UK Student Sentenced to Prison for Selling Phishing Kits appeared first on SecurityWeek.
Chinese Spies Target Networking and Virtualization Flaws to Breach Isolated Environments The Chinese cyberespionage group Fire Ant is targeting virtualization and networking infrastructure to access isolated environments. The post Chinese Spies Target Networking and Virtualization Flaws to Breach Isolated Environments appeared first on SecurityWeek.
No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking LG Innotek LNV5110R security cameras are affected by a vulnerability that can be exploited for unauthenticated remote code execution. The post No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking appeared first on SecurityWeek.
US Targets North Korea’s Illicit Funds: $15M Rewards Offered as American Woman Jailed in IT Worker Scam Christina Chapman was sentenced to prison for helping North Korean IT workers infiltrate US companies and running a laptop farm for them. The post US Targets North Korea’s Illicit Funds: $15M Rewards Offered as American Woman Jailed in IT Worker Scam appeared first on SecurityWeek.
HeroDevs Raises $125 Million to Secure Deprecated OSS HeroDevs has received a $125 milion strategic growth investment from PSG to secure enterprise security stacks. The post HeroDevs Raises $125 Million to Secure Deprecated OSS appeared first on SecurityWeek.
New York Seeking Public Opinion on Water Systems Cyber Regulations The proposed cyber regulations include the implementation of incident reporting, response plans, and cybersecurity controls, training, and certification of compliance. The post New York Seeking Public Opinion on Water Systems Cyber Regulations appeared first on SecurityWeek.
GRC Firm Vanta Raises $150 Million at $4.15 Billion Valuation Risk management and compliance solutions provider Vanta has raised more than $500 milion since 2021. The post GRC Firm Vanta Raises $150 Million at $4.15 Billion Valuation appeared first on SecurityWeek.
Steam games abused to deliver malware once again A cybercriminal managed to insert malicious files leading to info stealers in a pre-release of a game on the Steam platform
Watch out: Instagram users targeted in novel phishing campaign Phishers are using legitimate looking Instagram emails in order to scam users.
Age verification: Child protection or privacy risk? With more platforms and governments asking for age verification, we look at the options and the implications.
iPhone vs. Android: iPhone users more reckless, less protected online Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.
Introducing the smarter, more sophisticated Malwarebytes Trusted Advisor, your cybersecurity personal assistant Malwarebytes Trusted Advisor has had an update, and it's now sharper, smarter, and more helpful than ever.
AI-generated image watermarks can be easily removed, say researchers The battle to fight misinformation continues.
Fire Ant Cyber Spies Compromise Siloed VMware Systems Suspected China-nexus threat actors targeted virtual environments and used several tools and techniques to bypass security barriers and reach isolated portions of victims' networks.
AI-Generated Linux Miner 'Koske' Beats Human Malware AI malware is becoming less of a gimmick, with features that meet or exceed what traditional human-developed malware typically can do.
North Korea's IT Worker Rampage Continues Amid DoJ Action Arrests and indictments keep coming, but the North Korean fake IT worker scheme is only snowballing, and businesses can't afford to assume their applicant-screening processes are up to the task of weeding the imposters out.
Why Security Nudges Took Off Nudges can be powerful — but they are not immune to overuse or misapplication.
The Young and the Restless: Young Cybercriminals Raise Concerns National governments warn that many hacker groups attract young people through a sense of community, fame, or the promise of money and the perception of a lack of risk of prosecution.
Can Security Culture Be Taught? AWS Says Yes Newly appointed Amazon Web Services CISO Amy Herzog believes security culture goes beyond frameworks and executive structures. Having the right philosophy throughout the organization is key.
Law Enforcement Cracks Down on XSS — but Will It Last? The arrest of a suspected administrator for the popular cybercrime forum was one of several enforcement actions in the past week targeting malicious activity.
Ransomware Actors Pile on 'ToolShell' SharePoint Bugs Storm-2603, a China-based threat actor, is targeting SharePoint customers in an ongoing ransomware campaign.
Translating Cyber-Risk for the Boardroom When security leaders embrace this truth and learn to speak in the language of leadership, they don't just protect the enterprise, they help lead it forward.
Fixed Ivanti Bugs Still Haunt Japan Orgs 6 Months Later Chinese threat actors have been feeding off the same Ivanti RCE vulnerabilities we've known about since January, partly thanks to complications in patching.
Amazon AI coding agent hacked to inject data wiping commands A hacker planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. [...]
Microsoft investigates outage affecting Microsoft 365 admin center Microsoft is investigating an ongoing outage blocking Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center. [...]
The role of the cybersecurity PM in incident-driven development From PowerShell abuse to USB data theft, modern threats hit fast—and hard.vSee how security-minded PMs are responding with real-time controls, smarter policies, and tools like ThreatLocker Patch Management. [...]
US sanctions North Korean firm, nationals behind IT worker schemes The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned three North Korean nationals and a company for supporting fraudulent IT worker schemes that generated illicit revenue for the Democratic People's Republic of Korea (DPRK) government. [...]
Woman gets 8 years for aiding North Koreans infiltrate 300 US firms Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies. [...]
Microsoft lifts Windows 11 update block for Easy Anti-Cheat users Microsoft has removed a compatibility hold that prevented some Easy Anti-Cheat users from installing the Windows 11 2024 Update because of a known issue that triggers restarts with blue screen of death (BSOD) errors. [...]
BlackSuit ransomware extortion sites seized in Operation Checkmate Law enforcement has seized the dark web extortion sites of the BlackSuit ransomware operation, which has targeted and breached the networks of hundreds of organizations worldwide over the past several years. [...]
OpenAI confirms ChatGPT Agent is now rolling out for $20 Plus users ChatGPT Agent is now rolling out to users with $20 Plus subscription, but OpenAI warns that it will take a few days for the rollout to finish. [...]
New Koske Linux malware hides in cute panda images A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory. [...]
Hacker sneaks infostealer malware into early access Steam game A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. [...]
Mitel warns of critical MiVoice MX-ONE authentication bypass flaw Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. [...]
Hackers breach Toptal GitHub account, publish malicious npm packages Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. [...]
SonicWall urges admins to patch critical RCE flaw in SMA 100 devices SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. [...]