IT Security News
Press release/News aggregator
IT Security News
Aggregated IT Security News and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. Source
Actions
Media Outlet details
| Scope | International |
|---|---|
| Language | English, German |
| Country | United States of America |
|
Similarweb UVM |
Request pricing |
|
Comscore UVM |
Request pricing |
Recent Articles
Search ArticlesMachine Identity Debt: Why Human Identity Is No Longer Cloud Security's Primary Boundary
Cloud-native systems now create far more machine identities than human ones. Security strategies built around workforce identity are no longer sufficient. Here's what engineering leaders should build instead. The Breach That Didn't Need a Password On August 8, 2025, a threat actor now tracked by Google's Threat Intelligence Group as UNC6395 began quietly moving through the Salesforce instances of hundreds of companies. No phishing email landed in an inbox that day. No password was cracked.
Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
Google and Microsoft have pulled ModHeader, a popular header-editing extension with roughly 1.6 million installs across Chrome and Edge, after researchers found a hidden browsing-history collector built into its official store version. The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain. The This article has been indexed from The Hacker News Read the original article:
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs. "It validates the victim's login password locally before This article has been indexed from The Hacker News Read the original article:
Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra ID
Microsoft Entra ID makes passkeys the default sign-in experience and introduces a new model for SMS and voice authentication. Read about how to prepare. The post Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra ID appeared first on Microsoft Security Blog. This article has been indexed from Microsoft Security Blog
Hackers breach Lidl's IT service provider, steal customer data
German discount supermarket chain Lidl has notified customers in Germany, Belgium, and the Netherlands that customer data was stolen after attackers breached one of its IT service providers. In notices published on its support websites in Belgium and the Netherlands, Lidl said it was informed of the incident last week. "Despite high IT security standards, unidentified individuals were briefly able to access a separately stored file containing customer data and steal some of it. The ...
New macOS Stealer Mimics Apple's Crash Report Framework to Steal Browser Credentials
CrashStealer, a native C++ macOS infostealer that disguises itself as Apple's built-in crash-reporting utility to harvest browser credentials, cryptocurrency wallets, password manager data, and keychain contents before encrypting and exfiltrating everything to a remote command-and-control server.
US authorities warn that state-linked hackers are targeting vulnerable networking devices
By IT Security News Bot Hackers linked to Russian intelligence have exploited vulnerabilities in Cisco Smart Install devices. This article has been indexed from Cybersecurity Dive - Latest News Read the original article:
Hackers find a new trick to collect Microsoft Entra user data without raising red flags
By IT Security News Bot Organizations should check their logs for signs of an increasingly popular obfuscation technique, Proofpoint said. This article has been indexed from Cybersecurity Dive - Latest News Read the original article:
Compromised Jscrambler npm Releases Target Developer Environments with Cross-Platform Rust Infostealer
Developers and organizations using the Jscrambler npm package are being urged to audit their systems after multiple malicious releases were uploaded to the npm registry through a compromised publishing credential. The incident transformed a trusted development dependency into a malware delivery mechanism capable of stealing credentials, browser sessions, cryptocurrency wallets, and sensitive configuration files from Windows, macOS, and Linux systems.
Zimbra Urges Immediate Update to Fix Critical Classic Web Client XSS Vulnerability
Zimbra has released a security update to address a critical vulnerability in the Zimbra Classic Web Client that could allow malicious actors to compromise user accounts and execute unauthorized code. The company recommends that customers install the latest update to mitigate the threat. The flaw is a stored cross-site scripting (XSS) vulnerability that could allow an unauthenticated attacker to execute malicious JavaScript in the browser of a user viewing a specially crafted email message.