Author: Declan Murphy

Cybersecurity researchers have found a contemporary set of safety points within the Terrestrial Trunked Radio (TETRA) communications protocol, together with in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force assaults, and even decrypt encrypted visitors. Particulars of the vulnerabilities – dubbed 2TETRA:2BURST – have been offered on the Black Hat USA

Safety researchers have uncovered a “zero-click” denial-of-service chain that may silently flip 1000’s of Microsoft Home windows Area Controllers (DCs) right into a globe-spanning botnet, elevating recent alarms in a yr already outlined by record-breaking distributed-denial-of-service (DDoS) exercise. DDoS assaults climbed 56% year-over-year in late-2024 in line with Gcore’s newest Radar report, and Cloudflare’s community has already blocked single floods peaking at 7.3 Tbps in 2025, the biggest ever disclosed. With the common minute of downtime now costing round $6,000 and typical incidents topping $400,000 for small and midsize corporations, defenders face mounting stress even earlier than new exploitation strategies…

New Heimdal research reveals how device sprawl creates blind spots, with over half of suppliers experiencing each day or weekly burnout  Survey of 80 North American MSPs exhibits fragmented safety stacks drive fatigue, missed threats, and enterprise inefficiency. Safety instruments meant to guard managed service suppliers are as an alternative overwhelming them. A brand new research from Heimdal and FutureSafe reveals that 89% of MSPs battle with device integration whereas 56% expertise alert fatigue each day or weekly. The analysis exposes a harmful paradox. MSPs experiencing excessive alert fatigue are considerably extra more likely to miss actual threats. The very instruments deployed…

A cyberattack on Bouygues Telecom uncovered knowledge for six.4 million prospects. Discover out what info was compromised and what you should do to guard your self from scams, as the corporate warns prospects to be on excessive alert. French telecommunications big Bouygues Telecom has confirmed a cyberattack that resulted within the private info of 6.4 million prospects being uncovered. The corporate, which serves practically 27 million cellular customers throughout France, found the safety breach on August 4th. What Was Compromised? An investigation by the corporate revealed that hackers gained entry to quite a lot of buyer particulars. This consists of…

A novel assault method could possibly be weaponized to rope 1000’s of public area controllers (DCs) around the globe to create a malicious botnet and use it to conduct energy distributed denial-of-service (DDoS) assaults. The method has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who offered their findings on the DEF CON 33 safety convention right now. “As we

Haziz initially got down to construct an eBPF-based real-time monitoring instrument for ECS workloads. Whereas doing so, he intercepted communication between the ECS agent and AWS backend as a part of his debugging course of, which is when he observed the undocumented WebSocket channel. From lowly duties to privileged IAM roles Due to the default availability of IMDS, any container (with low-level entry) on an EC2-based ECS occasion can learn the occasion function credentials meant for the ECS agent.“No container breakout (no hostroot entry) was required – nonetheless IMDS entry was required through intelligent community and system trickery from inside…

A Nigerian man has been extradited from France to face hacking, identification theft, and fraud costs within the US. He and his co-conspirators allegedly used spearphishing to steal buyer knowledge, submitting fraudulent tax returns and catastrophe reduction claims price thousands and thousands of {dollars}. In a much-awaited authorized transfer, Nigerian man Chukwuemeka Victor Amachukwu, a/ok/a “Chukwuemeka Victor Eletuo” and “So Kwan Leung,” was lately extradited from France to the USA to face costs associated to hacking, fraud, and identification theft. The extradition, introduced by the FBI and the Division of Justice, marks the fruits of in depth teamwork between US…

Cybersecurity researchers have disclosed vulnerabilities in choose mannequin webcams from Lenovo that might flip them into BadUSB assault gadgets. “This enables distant attackers to inject keystrokes covertly and launch assaults unbiased of the host working system,” Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael mentioned in a report shared with The Hacker Information. The

Microsoft safety researchers have uncovered 4 important vulnerabilities in Home windows BitLocker that might enable attackers with bodily entry to bypass the encryption system and extract delicate knowledge. The findings, revealed in analysis dubbed “BitUnlocker,” show subtle assault strategies focusing on the Home windows Restoration Setting (WinRE) to bypass Microsoft’s flagship knowledge safety expertise. Safety Flaws Goal Home windows Restoration Setting The vulnerabilities, found by Alon Leviev and Netanel Ben Simon from Microsoft’s Offensive Analysis & Safety Engineering (MORSE) workforce, exploit weaknesses in how WinRE processes exterior information and configurations. The researchers recognized 4 distinct assault vectors that enable unauthorized…

“Sadly, due to the pure language nature of immediate injections, blocking them utilizing classifiers or any sort of blacklisting isn’t sufficient,” they mentioned in their report. “There are simply too some ways to write down them, hiding them behind benign matters, utilizing completely different phrasings, tones, languages, and many others. Identical to we don’t contemplate malware mounted as a result of one other pattern made it right into a deny checklist, the identical is true for immediate injection.” Hijacking Cursor coding assistant by way of Jira tickets As a part of the identical analysis effort, Zenity additionally investigated Cursor, some…