In The News

Mobile Applications: A Cesspool of Security Issues darkreadingRobert Lemos, Contributing Writer
April 25, 2025

An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do? An analysis of more than …


North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures The Hacker [email protected] (The Hacker News)
April 25, 2025

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor …


How Organizations Can Leverage Cyber Insurance Effectively darkreadingErich Kron
April 25, 2025

By focusing on prevention, education, and risk transfer through insurance, organizations — especially SMEs — can protect themselves from the rapidly escalating threats of cyberattacks. By focusing on prevention, education, and …


Vehicles Face 45% More Attacks, 4 Times More Hackers darkreadingNate Nelson, Contributing Writer
April 25, 2025

Two kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025. Two kinds of attacks are in high gear: …


Phishing Kit Darcula Gets Lethal AI Upgrade darkreadingBecky Bracken
April 25, 2025

Recently added artificial intelligence capabilities on the Chinese-language Darcula phishing-as-a-service platform make phishing attacks easy for even the least technical hackers. Recently added artificial intelligence capabilities on the Chinese-language Darcula phishing-as-a-service …


SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers The Hacker [email protected] (The Hacker News)
April 25, 2025

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.  "The exploitation is likely …


Why NHIs Are Security’s Most Dangerous Blind Spot The Hacker [email protected] (The Hacker News)
April 25, 2025

When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not …


Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers The Hacker [email protected] (The Hacker News)
April 25, 2025

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, …


DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks The Hacker [email protected] (The Hacker News)
April 25, 2025

Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web …


Example of a Payload Delivered Through Steganography, (Fri, Apr 25th) SANS Internet Storm Center, InfoCON: green
April 25, 2025

In this diary, I'll show you a practical example of how steganography is used to hide payloads (or other suspicious data) from security tools and Security Analysts' eyes. Steganography can …