![]() |
Description: Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer.
"Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to
January 9th, 2025 (6 months ago)
|
![]() |
Description: As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI.
Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a
January 9th, 2025 (6 months ago)
|
![]() |
Description: Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019.
The primary objective of the attack campaign is to steal information related to Japan's national
January 9th, 2025 (6 months ago)
|
![]() |
Description: Ransomware isn’t slowing down—it’s getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024.
Are you prepared to fight back?
Join
January 9th, 2025 (6 months ago)
|
![]() |
Description: The Japanese National Police Agency (NPA) and the Cabinet Cybersecurity Center have issued a comprehensive advisory about an ongoing cyberespionage campaign targeting the nation since 2019. The attacks, attributed to the Chinese threat group MirrorFace (also known as Earth Kasha), focus on stealing sensitive data related to Japan's national security and advanced technologies. These operations …
The post Japan Reveals Espionage Campaign by ‘MirrorFace’ Cyberspies appeared first on CyberInsider.
January 9th, 2025 (6 months ago)
|
![]() |
Description: The European General Court on Wednesday fined the European Commission, the primary executive arm of the European Union responsible for proposing and enforcing laws for member states, for violating the bloc's own data privacy regulations.
The development marks the first time the Commission has been held liable for infringing stringent data protection laws in the region.
The court determined that
January 9th, 2025 (6 months ago)
|
CVE-2025-0282 |
Description: Ivanti has disclosed a critical zero-day vulnerability (CVE-2025-0282) actively exploited in the wild, affecting Ivanti Connect Secure (ICS) VPN appliances. The flaw, a stack-based buffer overflow, allows unauthenticated remote code execution, potentially compromising entire network infrastructures. Ivanti has released a patch and strongly advises immediate updates to ICS version 22.7R2.5 or higher. The advisory also …
The post Hackers Exploiting Critical Ivanti VPN Code Execution Vulnerability appeared first on CyberInsider.
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 9th, 2025 (6 months ago)
|
CVE-2025-0282 |
Description: Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024.
The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 9th, 2025 (6 months ago)
|
![]() |
Description: The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data — and recognizes a right to personal privacy.
January 9th, 2025 (6 months ago)
|
CVE-2025-22215 |
Description: VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
|