Wed.Jun 18, 2025

article thumbnail

Fake bank ads on Instagram scam victims out of money

Malwarebytes

Ads on Instagram—including deepfake videos—are impersonating trusted financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) in order to scam people, according to BleepingComputer. There are some variations in how the scammers approach this. Some use Artificial Intelligence (AI) to create deepfake videos aimed at gathering personal information, while others link to typosquatted domains that not just look the same but also have very similar domain names as the impersonated

Banking 137
article thumbnail

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

The Hacker News

Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number

Malwarebytes

The examples in this post are actual fraud attempts found by Malwarebytes Senior Director of Research, Jérôme Segura. Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a sponsored search result on Google. In the latest example of this type of scam, we found tech support scammers hijacking the results of people looking for 24/7 support for Apple, Bank of America, Facebook, HP

Banking 137
article thumbnail

News alert: Halo Security’s attack surface management platform wins MSP Today’s top award

The Last Watchdog

Miami, June 18, 2025, CyberNewswire — Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms. The MSP Today Product of the Year Award honors standout products and services that are reshaping the managed services landscape—delivered through the Channel and

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

5 riskiest places to get scammed online

Malwarebytes

Scammers love your smartphone. They can text you fraudulent tracking links for packages you never bought. They can profess their empty love to you across your social media apps. They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even trick you into visiting malicious versions of legitimate websites.

Scams 117
article thumbnail

Watch out, Veeam fixed a new critical bug in Backup & Replication product

Security Affairs

Veeam addressed a new critical flaw in Backup & Replication product that could potentially result in remote code execution. Veeam has rolled out security patches to address a critical security vulnerability, tracked CVE-2025-23121 (CVSS score of 9.9) in its Backup & Replication solution that can allow remote attackers to execute arbitrary code under certain conditions. “A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.”

Backups 110

LifeWorks

More Trending

article thumbnail

News Flodrix botnet targets vulnerable Langflow servers

Security Affairs

Attackers exploit CVE-2025-3248 in Langflow servers to deliver Flodrix botnet via downloader scripts, Trend Research reports. Trend Research uncovered an ongoing campaign exploiting the vulnerability CVE-2025-3248 to deliver the Flodrix botnet. Attackers exploit the flaw to run scripts on Langflow servers, downloading and installing Flodrix malware. “If the vulnerability is successfully exploited, threat actors behind the Flodrix botnet can cause full system compromise, DDoS attacks, and p

DDOS 110
article thumbnail

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution

Penetration Testing

Cisco ClamAV versions 1.4.3 and 1.0.9 fix critical flaws: CVE-2025-20260 (CVSS 9.8) in PDF scanning could allow RCE, and CVE-2025-20234 (UDF) leads to DoS.

article thumbnail

New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains

The Hacker News

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix.

Phishing 115
article thumbnail

Israel-Tied Predatory Sparrow Hackers Are Waging Cyberwar on Iran’s Financial System

WIRED Threat Level

After an attack on Iran’s Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex.

Banking 102
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

An Investigation of AWS Credential Exposure via Overprivileged Containers

Trend Micro

Overprivileged or misconfigured containers in Amazon EKS can expose sensitive AWS credentials to threats like packet sniffing and API spoofing, highlighting the need for least privilege and proactive security to detect and reduce these risks.

Risk 78
article thumbnail

Iran’s Internet Blackout Adds New Dangers for Civilians Amid Israeli Bombings

WIRED Threat Level

Iran is limiting internet connectivity for citizens amid Israeli airstrikes—pushing people towards domestic apps, which may not be secure, and limiting their ability to access vital information.

article thumbnail

Out of Juice? TSA Says Don’t Plug Into Airport USB Ports 

Security Boulevard

Phone low on charge at the airport? Don't be tempted to use a public USB to recharge, according to the TSA - beware of "juice-jacking." The post Out of Juice? TSA Says Don’t Plug Into Airport USB Ports appeared first on Security Boulevard.

article thumbnail

1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub

The Hacker News

A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called Stargazers Ghost Network. "The campaigns resulted in a multi-stage attack chain targeting Minecraft users specifically," Check Point researchers Jaromír Hořejší and Antonis Terefos said in a report shared with The Hacker News.

Malware 88
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

OpenAI Signs $200M Defense Department Deal, Then Calms Fears About Weaponized AI

eSecurity Planet

This article was originally published on eWeek. OpenAI accepted a $200 million contract with the US Department of Defense on June 17. The deal includes consolidating all the AI company’s existing public sector products under one banner, OpenAI for Government, which encompasses ChatGPT Gov, as well as existing partnerships with the US National Labs, the Air Force Research Laboratory, NASA, the National Institutes of Health, and the Treasury Department.

article thumbnail

CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution

Penetration Testing

The post CVE-2025-23171 & CVE-2025-23172: Versa Director Bugs Open Doors to Webshell Uploads and Command Execution appeared first on Daily CyberSecurity.

article thumbnail

Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

The Hacker News

Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware.

Malware 82
article thumbnail

CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks

Penetration Testing

Cisco warns of a critical flaw (CVE-2025-20271, CVSS 8.6) in Meraki MX/Z Series devices, allowing unauthenticated remote DoS on AnyConnect VPN. Update firmware now!

VPN 65
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

These XR glasses gave me a 200-inch screen to work with - and have replaced my monitors

Zero Day

X Trending Miss out on Nintendo Switch 2 preorders? Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 Best small business CRM software of 2025 Best free website builders of 2025 Best website builder

article thumbnail

Why AI Agents are the Secret to a Proactive Cybersecurity Defense

Security Boulevard

To level the playing field, enterprise security teams must begin to use AI — especially AI agents — to augment their existing human talent. The post Why AI Agents are the Secret to a Proactive Cybersecurity Defense appeared first on Security Boulevard.

article thumbnail

Ransomware gang busted in Thailand hotel raid

Graham Cluley

In a dramatic raid at a hotel in central Pattaya this week, Thai police have unearthed a criminal gang that was operating a ransomware and illicit gambling operation. Read more in my article on the Hot for Security blog.

article thumbnail

Critical Versa Director Flaw (CVSS 9.8): Hardcoded Credentials Grant Root Access, PoC Available

Penetration Testing

A critical flaw (CVE-2025-24288, CVSS 9.8) in Versa Director exposes hardcoded default credentials for high-privilege accounts with sudo access. PoC released.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

AWS Makes Bevy of Updates to Simplify Cloud Security

Security Boulevard

Amazon Web Services (AWS) added a bevy of additional cybersecurity tools and services to its portfolio that collectively make securing its cloud computing platform simpler. Announced at the AWS re:Inforce 2025 conference, the additions include a preview of a revamped AWS Security Hub that now identifies which vulnerabilities from a threat perspective are potentially the.

article thumbnail

Meta Adds Passkey Login Support to Facebook for Android and iOS Users

The Hacker News

Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook. "Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post. Support for passkeys is expected to be available "soon" on Android and iOS mobile devices.

article thumbnail

Root Access Unlocked: How a pam_namespace Flaw Lets Attackers Elevate Privileges on Linux

Penetration Testing

A high-severity flaw (CVE-2025-6020) in Linux PAM's pam_namespace allows unprivileged users to gain root via symlink attacks and race conditions.

article thumbnail

U.S. CISA adds Linux Kernel flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2023-0386 , to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 66
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Apache Traffic Server Flaws Allow Access Bypass & Remote DoS

Penetration Testing

Two critical flaws in Apache Traffic Server (CVE-2025-31698, CVE-2025-49763) allow IP-based ACL bypass and remote DoS via ESI plugin.

article thumbnail

AWS Extends Scope of Cybersecurity Alliance with CrowdStrike

Security Boulevard

Amazon Web Services (AWS) and CrowdStrike this week expanded their alliance to include an incident response that is now available on the Amazon Web Services (AWS) marketplace. Announced at the AWS re:Inforce 2025 conference, the Falcon for AWS Security Incident Response is a managed hosted service running on the AWS cloud that makes extensive use. The post AWS Extends Scope of Cybersecurity Alliance with CrowdStrike appeared first on Security Boulevard.

article thumbnail

From Frankenstack to Framework: How MSPs Can Build Simpler, Smarter Security with Ross Brouse

Heimadal Security

Welcome back to the MSP Security Playbook. In today’s episode, we’re diving deep into one of the most persistent challenges MSPs face: balancing layered security with operational simplicity. From tool sprawl and alert fatigue to vendor bloat and agent overload, it’s a complex puzzle. It’s easy to think more tools mean better protection, but is […] The post From Frankenstack to Framework: How MSPs Can Build Simpler, Smarter Security with Ross Brouse appeared first on

69
article thumbnail

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

Penetration Testing

A critical flaw (CVE-2025-51381) in KAON KCM3100 Wi-Fi gateways allows local attackers to bypass authentication. Update firmware to version 1.4.8 immediately.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!