Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers
Tue, 13 May 2025 10:38:00 +0530
A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024.
“These exploits have resulted in a collection of related user data from targets in Iraq,” the Microsoft Threat Intelligence team said. “The targets of the attack are associated with the Kurdish
https://thehackernews.com/2025/05/turkiye-hackers-exploited-output.html
Apple Patches Major Security Flaws in iOS, macOS Platforms
Mon, 12 May 2025 19:03:01 +0000
Apple rolls out iOS and macOS platform updates to fix serious security bugs that could be triggered simply by opening an image or video file.
The post Apple Patches Major Security Flaws in iOS, macOS Platforms appeared first on SecurityWeek.
https://www.securityweek.com/apple-patches-major-security-flaws-in-ios-macos-platforms/
Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack
Mon, 12 May 2025 14:11:54 +0000
Andy Frain was targeted by the Black Basta ransomware group in 2024 and the hackers have stolen a wide range of information.
The post Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack appeared first on SecurityWeek.
https://www.securityweek.com/security-firm-andy-frain-says-100000-people-impacted-by-ransomware-attack/
ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
Mon, 12 May 2025 19:33:00 +0530
ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution.
DriverHub is a tool that’s designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a
https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html
Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits
Mon, 12 May 2025 12:53:45 +0000
Google has agreed to a $1.375 billion settlement with Texas in lawsuits over location and private browsing tracking, and biometric data collection.
The post Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits appeared first on SecurityWeek.
https://www.securityweek.com/google-agrees-to-1-3-billion-settlement-in-texas-privacy-lawsuits/
⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
Mon, 12 May 2025 17:40:00 +0530
What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It’s not just clever—it’s
https://thehackernews.com/2025/05/weekly-recap-zero-day-exploits.html
437,000 Impacted by Ascension Health Data Breach
Mon, 12 May 2025 12:03:03 +0000
Ascension Health has notified the HHS that more than 437,000 people were affected by a recently disclosed data breach.
The post 437,000 Impacted by Ascension Health Data Breach appeared first on SecurityWeek.
https://www.securityweek.com/437000-impacted-by-ascension-health-data-breach/
Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks
Mon, 12 May 2025 11:28:48 +0000
Two vulnerabilities in ASUS’s pre-installed software DriverHub can be exploited for remote code execution.
The post Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks appeared first on SecurityWeek.
https://www.securityweek.com/asus-driverhub-vulnerabilities-expose-users-to-remote-code-execution-attacks/
US Deportation Airline GlobalX Confirms Hack
Mon, 12 May 2025 11:09:28 +0000
Global Crossing Airlines is investigating a cybersecurity incident after Anonymous hackers targeted its systems.
The post US Deportation Airline GlobalX Confirms Hack appeared first on SecurityWeek.
https://www.securityweek.com/us-deportation-airline-globalx-confirms-hack/
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
Mon, 12 May 2025 16:30:00 +0530
Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian’s State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack
https://thehackernews.com/2025/05/the-persistence-problem-why-exposed.html
German Authorities Take Down Crypto Swapping Service eXch
Mon, 12 May 2025 09:50:58 +0000
German authorities seized the servers of crypto-swapping service eXch for laundering approximately $1.9 billion in fraudulent assets.
The post German Authorities Take Down Crypto Swapping Service eXch appeared first on SecurityWeek.
https://www.securityweek.com/german-authorities-take-down-crypto-swapping-service-exch/
US Announces Botnet Takedown, Charges Against Russian Administrators
Mon, 12 May 2025 08:37:07 +0000
Anyproxy and 5socks, websites offering proxy services through devices ensnared by a botnet, have been disrupted in a law enforcement operation.
The post US Announces Botnet Takedown, Charges Against Russian Administrators appeared first on SecurityWeek.
https://www.securityweek.com/us-announces-botnet-takedown-charges-against-russian-administrators/
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
Mon, 12 May 2025 12:56:00 +0530
Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.
“Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns,”
https://thehackernews.com/2025/05/fake-ai-tools-used-to-spread.html
Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection
Sat, 10 May 2025 12:24:00 +0530
Google has agreed to pay the U.S. state of Texas nearly $1.4 billion to settle two lawsuits that accused the company of tracking users’ personal location and maintaining their facial recognition data without consent.
The $1.375 billion payment dwarfs the fines the tech giant has paid to settle similar lawsuits brought by other U.S. states. In November 2022, it paid $391 million to a group of 40
https://thehackernews.com/2025/05/google-pays-1375-billion-to-texas-over.html
Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data
Sat, 10 May 2025 12:17:00 +0530
Germany’s Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform.
The operation was carried out on April 30, 2025, authorities said, adding they also confiscated 8 terabytes worth of data and cryptocurrency assets
https://thehackernews.com/2025/05/germany-shuts-down-exch-over-19b.html
BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
Fri, 09 May 2025 21:58:00 +0530
A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that’s powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors.
In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich
https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html
OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
Fri, 09 May 2025 21:55:00 +0530
The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files.
NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the malware, introducing versions v3 and v4 in
https://thehackernews.com/2025/05/ottercookie-v4-adds-vm-detection-and.html
In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak
Fri, 09 May 2025 14:54:21 +0000
Noteworthy stories that might have slipped under the radar: surge in cyberattacks between India and Pakistan, Radware cloud WAF vulnerabilities, xAI key leak.
The post In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak appeared first on SecurityWeek.
https://www.securityweek.com/in-other-news-india-pakistan-cyberattacks-radware-vulnerabilities-xai-leak/
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Fri, 09 May 2025 14:12:29 +0000
Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.
The post Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack appeared first on SecurityWeek.
https://www.securityweek.com/popular-scraping-tools-npm-package-compromised-in-supply-chain-attack/
Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
Fri, 09 May 2025 17:10:00 +0530
Cybersecurity researchers are warning of a new campaign that’s targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025.
“The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox,” Cisco Talos
https://thehackernews.com/2025/05/initial-access-brokers-target-brazil.html