Police detains Smokeloader malware customers, seizes servers BleepingComputerIonut Ilascu
April 9, 2025

In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet's customers and detained at least five individuals. [...] In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader …


CISA Adds Two Known Exploited Vulnerabilities to Catalog AlertsCISA
April 9, 2025

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-53197 Linux Kernel Out-of-Bounds Access Vulnerability CVE-2024-53150 Linux Kernel Out-of-Bounds Read Vulnerability These types of vulnerabilities …


New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner The Hacker [email protected] (The Hacker News)
April 9, 2025

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously …


Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots The Hacker [email protected] (The Hacker News)
April 9, 2025

GitGuardian's State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which …


ISC Stormcast For Wednesday, April 9th, 2025 https://isc.sans.edu/podcastdetail/9400, (Wed, Apr 9th) SANS Internet Storm Center, InfoCON: green
April 9, 2025

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.  ​Read More


PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware The Hacker [email protected] (The Hacker News)
April 9, 2025

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of …


CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks The Hacker [email protected] (The Hacker News)
April 9, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation …


Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability The Hacker [email protected] (The Hacker News)
April 9, 2025

Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of …


Obfuscated Malicious Python Scripts with PyArmor, (Wed, Apr 9th) SANS Internet Storm Center, InfoCON: green
April 8, 2025

Obfuscation is very important for many developers. They may protect their code for multiple reasons like copyright, anti-cheat (games), or to protect their code from being reused. If an obfuscated …


Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered The Hacker [email protected] (The Hacker News)
April 8, 2025

Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read …