Tag: attacks

Source URL: https://www.theregister.com/2025/09/17/ddr5_dram_rowhammer/ Source: The Register Title: Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack Feedly Summary: Google and ETH Zurich found problems with AMD/SK Hynix combo, will probe other hardware Researchers from Google and Swiss university ETH Zurich have found a new class of Rowhammer vulnerability that could allow attackers to access info stored…

Cloud Blog: New DNS Armor can help detect, mitigate domain name system risks

—

by

Source URL: https://cloud.google.com/blog/products/identity-security/introducing-dns-armor-to-mitigate-domain-name-system-risks/ Source: Cloud Blog Title: New DNS Armor can help detect, mitigate domain name system risks Feedly Summary: The Domain Name System (DNS) is like the internet’s phone book, automatically and near-instantly translating requests for websites and mobile apps from their domain names to the Internet Protocol addresses of the actual computers hosting…

The Register: Self-propagating worm fuels latest npm supply chain compromise

—

by

Source URL: https://www.theregister.com/2025/09/16/npm_under_attack_again/ Source: The Register Title: Self-propagating worm fuels latest npm supply chain compromise Feedly Summary: Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.… AI Summary and Description: Yes Summary: The text discusses a…

Krebs on Security: Self-Replicating Worm Hits 180+ Software Packages

—

by

Source URL: https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/ Source: Krebs on Security Title: Self-Replicating Worm Hits 180+ Software Packages Feedly Summary: At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages…

Bulletins: Vulnerability Summary for the Week of September 8, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-258 Source: Bulletins Title: Vulnerability Summary for the Week of September 8, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Adobe–Acrobat Reader Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the…

The Register: ‘FileFix’ attacks use fake Facebook security alerts to trick victims into running infostealers

—

by

Source URL: https://www.theregister.com/2025/09/16/filefix_attacks_facebook_security_alert/ Source: The Register Title: ‘FileFix’ attacks use fake Facebook security alerts to trick victims into running infostealers Feedly Summary: Tech evolved from PoC to global campaign in under two months An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader.……

Unit 42: The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception

Sep 15, 2025

—

by

Source URL: https://unit42.paloaltonetworks.com/code-assistant-llms/ Source: Unit 42 Title: The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception Feedly Summary: We examine security weaknesses in LLM code assistants. Issues like indirect prompt injection and model misuse are prevalent across platforms. The post The Risks of Code Assistant LLMs: Harmful Content, Misuse and Deception appeared first…

The Register: Careless engineer stored recovery codes in plaintext, got whole org pwned

Sep 15, 2025

—

by

Source URL: https://www.theregister.com/2025/09/15/ransomware_recovery_codes_plaintext/ Source: The Register Title: Careless engineer stored recovery codes in plaintext, got whole org pwned Feedly Summary: Cautionary tale from the recent SonicWall attacks Failing to encrypt sensitive data leaves you wide open to attack. During the recent SonicWall attack spree, intruders bypassed multi-factor authentication (MFA) in at least one case, because…

Google Online Security Blog: Supporting Rowhammer research to protect the DRAM ecosystem

Sep 15, 2025

—

by