Latest news as of 4/21/2025, 2:21:06 AM
The Hacker News
A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew's
Graham Cluley
Read more in my article on the Hot for Security blog.
Dark Reading
A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.
The Register
PLUS: Chinese robodogs include backdoor; OpenAI helps spammer; A Dutch data disaster; And more! Fortinet last week admitted that attackers have found new ways to exploit three flaws it thought it had fixed last year.… Infosec In Brief
The Register
PLUS: India's new electronics subsidies; Philippines unplugs a mobile carrier; Alibaba Cloud expands Chinese officials admitted to directing cyberattacks on US infrastructure at a meeting with their American counterparts, according to The Wall Street Journal.… Asia In Brief
The Register
Military units, government nerds appear to join the fray, with physical infra in sights From triggering a water tank overflow in Texas to shutting down Russian state news services on Vladimir Putin's birthday, self-styled hacktivists have been making headlines.… Feature
Have I Been Pwned
In March 2025, . Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers. data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos
Bleeping Computer
A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. [...]
Bleeping Computer
Phishing-as-a-service (PhaaS) platform Tycoon2FA, known for bypassing multi-factor authentication on Microsoft 365 and Gmail accounts, has received updates that improve its stealth and evasion capabilities. [...]
Bleeping Computer
OpenAI is working on yet another AI model, reportedly called GPT-4.1, a successor to GPT-4o. [...]