Aggregator

A newly disclosed vulnerability, CVE-2025-24071, has been identified in Windows File Explorer, specifically affecting Windows 11 (23H2) and earlier versions that support .library-ms files and the SMB protocol. This flaw enables attackers to capture NTLM (New Technology LAN Manager) authentication hashes simply by tricking a user into extracting a malicious ZIP archive—no further interaction is […]

The post Windows 11 File Explorer Vulnerability Enables NTLM Hash Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A group dubbed “Dark Partners” by cybersecurity researchers has launched a sophisticated malware campaign targeting both macOS and Windows users through a network of deceptive websites impersonating well-known AI, VPN, and software brands. This operation, which has been active for several months, employs meticulously crafted landing pages mimicking services such as Haiper, TradingView, Windscribe, and […]

The post Dark Partner Hackers Leverage Fake AI, VPN, and Crypto Sites to Target macOS and Windows Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is phasing out password features in Authenticator. Transition to Edge for autofill and explore passwordless authentication. Learn more!

The post Microsoft Authenticator Phases Out Password Features and Apple Watch Support appeared first on Security Boulevard.

Discover the implications of the 19 billion passwords leaked in the RockYou2024 breach. Learn essential actions to secure your accounts now!

The post 19 Billion Passwords Leaked: Protect Yourself from Cyber Threats appeared first on Security Boulevard.

How k0s, a lightweight Kubernetes distribution, joins the CNCF Sandbox, enhancing cloud-native computing. Explore its features today!

The post k0s Enters CNCF Sandbox: A New Lightweight Kubernetes Option appeared first on Security Boulevard.

Discover AWS's new Product Lifecycle page for tracking service changes and updates. Stay informed and enhance your cloud strategy today!

The post AWS Centralized Product Lifecycle Page: Enhance Transparency & Info appeared first on Security Boulevard.

Today, SquareX released new threat research on an advanced Browser-in-the-Middle (BitM) attack targeting Safari users. As highlighted by Mandiant, adversaries have been increasingly using BitM attacks to steal credentials and gain unauthorized access to enterprise SaaS apps. BitM attacks work by using a remote browser to trick victims into interacting with an attacker-controlled browser via a pop-up window […]

The post Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The acquisition of Apex Security adds a powerful new layer of visibility, context and control to the Tenable One Exposure Management Platform to govern usage, enforce policy and control exposure across both the AI that organizations use and the AI they build.

Over the past 25 years, we’ve seen the attack surface shift dramatically — from traditional on-prem environments to cloud, to OT/IOT, and more. But the changes we’re seeing right now with AI feel different. Faster. More disruptive. And, frankly, more unpredictable.

That’s why I’m excited to share that Tenable has signed a definitive agreement to acquire Apex Security, a company we’ve been following for some time. They've built a powerful product that solves real problems in the emerging world of AI risk. Their focus is helping organizations secure both the AI they use and the AI they build — a problem that's becoming more critical every day.

It’s clear we’re in the early stages of a major shift. Developers are integrating large language models into products and internal tools. Employees are using generative tools in everyday workflows. AI is everywhere — but the tools to manage that risk at scale? Not so much.

Last year, we introduced AI Aware to help organizations get visibility into shadow AI. It’s been incredible to see how quickly customers adopted it — more than 6,400 customers in over 100 countries are using it today. But we also heard loud and clear: visibility isn’t enough. Security leaders want to govern usage, enforce policy, and prevent exposures before attackers take advantage. That’s exactly what Apex was built to do.

Their technology adds a powerful layer of visibility, context, and control to what we’re building with Tenable One - our exposure management platform for your entire enterprise. Once the deal closes, we will move quickly to integrate these capabilities into the platform.

This isn’t just about adding another feature — it’s about helping customers take action during a critical window of time. Most organizations haven’t yet experienced a large-scale AI-driven attack. That’s the point. We have a unique opportunity to get ahead of the threat — to define how AI is secured before attackers define it for us.

I’m proud of the team at Tenable for continuing to lead in Exposure Management, and I’m looking forward to welcoming our future teammates from Apex once the deal closes. This is how we stay in front of the attack surface — by seeing where it’s going, and building for it now.

More to come soon.

Quantum computing is rapidly emerging as one of the most transformative technology trends of 2025, promising to revolutionize industries by solving complex problems that are currently beyond the reach of classical computers. Unlike traditional computers that process information in binary code—using bits that represent either 0 or 1—quantum computers use qubits, which can represent both […]

The post New Microsoft Entra Connect Update Replaces Legacy Login Methods appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated new malware, dubbed PumaBot, has emerged as a significant threat to Internet of Things (IoT) devices worldwide. Cybersecurity researchers have identified this malicious software as a highly advanced botnet that exploits weak security configurations in IoT ecosystems, particularly targeting devices with exposed SSH (Secure Shell) ports. Emerging Threat Targets Vulnerable IoT Ecosystems By […]

The post New PumaBot Hijacks IoT Devices via SSH Brute-Force for Persistent Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

PALO ALTO, California, 29th May 2025, CyberNewsWire

The post Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari appeared first on Security Boulevard.