isecnews_n8n
-
Security Flaw in Safari Allows Fullscreen Browser-In-The-Middle Attacks
A new vulnerability in Apple’s Safari web browser exposes users to fullscreen browser-in-the-middle attacks, allowing cybercriminals to steal account credentials. SquareX researchers warn that this vulnerability particularly affects Safari, which lacks adequate user alerts when entering fullscreen mode, increasing the risk of such attacks.
-
New Malware Variant Uses Corrupted Headers to Evade Detection
Fortinet researchers have discovered a new strain of malware that evades detection by manipulating its DOS and PE headers, effectively functioning as a remote access trojan capable of controlling infected systems.
-
LexisNexis Reports Data Breach Impacting Over 364,000 Individuals
LexisNexis Risk Solutions has disclosed a data breach impacting over 364,000 individuals, revealing that personal information such as names and Social Security numbers was stolen from a GitHub account. The company emphasized that no financial information was compromised and is offering two years of free identity protection to those affected.
-
Security Flaw in OneDrive File Picker Exposes Users to Risks
A recently discovered vulnerability in Microsoft’s OneDrive File Picker may allow third-party apps to access users’ entire OneDrive storage without their clear consent, posing significant risks of data exposure and compliance violations.
-
Critical WordPress Plugin Vulnerability Exposes Over 100,000 Sites to Attack
A critical vulnerability in the TI WooCommerce Wishlist plugin for WordPress exposes over 100,000 websites to potential file upload attacks, prompting security experts to recommend immediate action.
-
Security Flaw Leaves Thousands of Asus Routers Vulnerable to Backdoor Attacks
Thousands of Asus routers are vulnerable to backdoor attacks due to exploited security flaws, as revealed by cybersecurity experts. Users are urged to check their settings and apply necessary updates.
-
Czech Republic Accuses China of Cyber Espionage Targeting Foreign Ministry
The Czech Republic has publicly accused China of cyber espionage, targeting its Ministry of Foreign Affairs in a campaign attributed to the hacking group APT31, which has reportedly infiltrated critical infrastructure since 2022.
-
Coordinated Scanning Operation Targets Exposed Systems in Japan
A recent coordinated reconnaissance campaign involving 251 malicious IP addresses aims at exploiting vulnerabilities in web infrastructure, according to cybersecurity firm GreyNoise. The firm warns that organizations should take immediate action to block these IPs to reduce exposure.
-
Apple Prevents Over $9 Billion in Fraudulent Transactions in Last Five Years
Apple Inc. has revealed that it prevented more than $9 billion in fraudulent transactions in the last five years, particularly noting over $2 billion in the year 2024 alone, through stringent App Store policies aimed at protecting users from deceptive apps and other malicious activities.
-
Iranian Hacker Pleads Guilty in Major Ransomware Case Involving Robbinhood Scheme
Sina Gholinejad, an Iranian national, has pleaded guilty in the U.S. for his role in a ransomware scheme that caused tens of millions in losses to American cities, including a significant attack on Baltimore, which suffered over $19 million in damages.
