Latest news as of 7/17/2025, 11:27:06 PM
Dark Reading
Targets are lured into a fake interview process that convinces them to download malware needed for a virtual interview.
Bleeping Computer
Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models. [...]
Bleeping Computer
A new campaign dubbed 'SparkCat' has been uncovered, targeting the cryptocurrency wallet recovery phrases of Android and iOS users using optical character recognition (OCR) stealers. [...]
Dark Reading
Ransomware actors are offering individuals millions to turn on their employers and divulge private company information, in a brand-new cybercrime tactic.
Dark Reading
Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.
Graham Cluley
In episode 36 of The AI Fix, Graham and Mark take a long look at DeepSeek, an upstart AI out of China that was trained on a shoestring, shook up Wall Street, kneecapped Nvidia, and challenged America's AI hegemony. Graham also discovers a remarkably f***ing effective way to remove AI snippets, a personal mobility robot gets a bit over-excited, some aliens regret installing an FTP server, and Mark explains what o3-mini owes to Spinal Tap. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
Bleeping Computer
Five Eyes cybersecurity agencies in the UK, Australia, Canada, New Zealand, and the U.S. have issued guidance urging makers of network edge devices and appliances to improve forensic visibility to help defenders detect attacks and investigate breaches. [...]
Bleeping Computer
A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations. [...]
The Register
Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.…
Krebs on Security
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on both forums.