Home
Services
Credentials
News
Contact
News
NEWS
The latest news in cybersecurity!
SEP
26
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
By:
info@thehackernews.com (The Hacker News)
on
SEP
26
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. "The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The
Read more >>
SEP
26
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
By:
info@thehackernews.com (The Hacker News)
on
SEP
26
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a
Read more >>
SEP
26
Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions
By:
info@thehackernews.com (The Hacker News)
on
SEP
26
Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions. Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. But none of that proves what matters most to a CISO: The
Read more >>
SEP
26
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
By:
info@thehackernews.com (The Hacker News)
on
SEP
26
Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed. "This is not 'just' a CVSS 10.0 flaw in a solution long favored by APT groups and ransomware operators – it is a
Read more >>
SEP
26
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
By:
info@thehackernews.com (The Hacker News)
on
SEP
26
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. "This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms," the Microsoft Threat Intelligence team said in a Thursday report. "It employs sophisticated encryption and obfuscation
Read more >>
SEP
26
Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
By:
info@thehackernews.com (The Hacker News)
on
SEP
26
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. "The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, both in
Read more >>
SEP
25
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
By:
info@thehackernews.com (The Hacker News)
on
SEP
25
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild. The zero-day vulnerabilities in question are listed below - CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input
Read more >>
SEP
25
Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
By:
info@thehackernews.com (The Hacker News)
on
SEP
25
Welcome to this week’s Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The digital threat landscape never stands still. One week it’s a critical zero-day, the next it’s a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you’re protecting a
Read more >>
SEP
25
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
By:
info@thehackernews.com (The Hacker News)
on
SEP
25
The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility. "Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade," Infoblox said in a technical report
Read more >>
SEP
25
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
By:
info@thehackernews.com (The Hacker News)
on
SEP
25
Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection. The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security,
Read more >>
More posts
Contact Us
014
91 842 907
info@pensecure.co.uk
Graffix House,
Newtown Rd,
Henley-on-Thames,
Oxfordshire,
RG9 1LY
Business Hours
Mon - Fri
9:00 am
-
5:00 pm
Sat - Sun
Closed
Copyright © PenSecure
Share by:
