Aggregator

You must login to view this content

CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Apple’s iOS, iPadOS, and macOS operating systems that threat actors are actively exploiting.  The vulnerability, tracked as CVE-2025-43300, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling that immediate action is required from organizations and individual users to protect their systems […]

The post CISA Warns of Apple iOS, iPadOS, and macOS 0-day Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A sophisticated traffic direction system known as Help TDS has been weaponizing compromised websites since 2017, transforming legitimate sites into gateways for elaborate tech support scams. The operation specializes in deploying PHP code templates that redirect unsuspecting visitors to fraudulent Microsoft Windows security alert pages designed to deceive users into believing their systems are compromised. […]

The post Help TDS Weaponize Legitimate Sites’ PHP Code Templates With Fake Microsoft Windows Security Alert Pages appeared first on Cyber Security News.

A sophisticated HTTP request smuggling attack that exploits inconsistent parsing behaviors between front-end proxy servers and back-end application servers.  This newly discovered technique leverages malformed chunked transfer encoding extensions to bypass established security controls and inject unauthorized secondary requests into web applications. Key Takeaways1. Exploits malformed HTTP chunked encoding to create front-end/back-end parsing discrepancies.2. Bypasses […]

The post New HTTP Smuggling Attack Technique Let Hackers Inject Malicious Requests appeared first on Cyber Security News.

Creator, Author and Presenter: Reed Loden

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Welcome To Day Two Of BSidesSF 2025! appeared first on Security Boulevard.

A sophisticated cryptojacking campaign has emerged, exploiting misconfigured Redis servers across multiple continents to deploy cryptocurrency miners while systematically dismantling security defenses. The threat actor behind this operation, designated TA-NATALSTATUS, has been active since 2020 but has significantly escalated their activities throughout 2025, targeting exposed Redis instances with alarming success rates across major economies. The […]

The post New Cryptojacking Attack Exploits Redis Servers to Install Miners and Disable Defenses appeared first on Cyber Security News.