Surge in Leaked Credentials: Up 160%—Understanding the Tactics of Cyber Attackers
Leaked Credentials Surge by 160%: Unpacking the Threat Landscape August 8, 2025 Identity Protection / Endpoint Security The digital landscape has witnessed a striking surge in credential leaks, a development that carries profound implications for organizations across sectors. Though the…
Scattered Spider Launches New Telegram Channel to Disclose Attacks In a recent development in the world of cybersecurity, the notorious threat actor group known as Scattered Spider has established a Telegram channel dedicated to publicizing its cyberattacks. This move appears…
GPUHammer: New RowHammer Attack Variant Compromises AI Model Integrity on NVIDIA GPUs
NVIDIA is advising customers to activate System-level Error Correction Codes (ECC) as a safeguard against a newly identified variant of the RowHammer attack targeting its graphics processing units (GPUs). “The likelihood of successful RowHammer exploitation varies depending on DRAM device, platform, design specifications, and system settings,” the company noted in a recent advisory. Named GPUHammer, this marks the first incident of a RowHammer exploit impacting NVIDIA GPUs, such as the A6000 with GDDR6 memory. This attack allows malicious users to manipulate other users’ data by inducing bit flips in GPU memory. Researchers from the University of Toronto highlighted a particularly alarming outcome: the accuracy of an AI model can plummet from 80% to below 1%. RowHammer poses a similar risk to modern DRAMs as Spectre and Meltdown do for contemporary CPUs, representing critical hardware-level security vulnerabilities.
GPUHammer: New RowHammer Attack Variant Threatens AI Performance on NVIDIA GPUs On July 12, 2025, NVIDIA issued a critical advisory urging its customers to activate System-level Error Correction Codes (ECC) to combat a newly revealed variant of RowHammer attacks targeting…
Date: Nov 11, 2024
Category: Malware / SEO Poisoning
In a uniquely targeted effort, individuals looking for information on the legality of Bengal Cats in Australia are falling victim to the GootLoader malware. “We discovered GootLoader operators utilizing search inquiries regarding a specific cat breed and region to deliver malware: ‘Are Bengal Cats legal in Australia?'” noted Sophos researchers Trang Tang, Hikaru Koike, Asha Castle, and Sean Gallagher in a report released last week. GootLoader, as its name suggests, is a malware loader typically spread through search engine optimization (SEO) poisoning techniques for initial entry. The malware is triggered when users search for terms related to legal documents and agreements; this leads to compromised links that direct them to infected websites hosting a ZIP file containing a JavaScript payload. Once executed, it paves the way for further malicious software installation.
New GootLoader Campaign Targets Searches for Bengal Cat Laws in Australia In a targeted cybersecurity threat, attackers are leveraging interest in the legality of Bengal cats in Australia to distribute GootLoader malware. This specific campaign highlights the methodical approach employed…
Researchers in the Netherlands have uncovered serious vulnerabilities in encryption standards used across various critical communication systems, including those for law enforcement and military applications. Two years ago, these researchers revealed an intentional backdoor in the TETRA (Terrestrial Trunked Radio)…
Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Company Claims Enhanced Model Reduces Hallucination, Excels in Benchmarks Rashmi Ramesh ( rashmiramesh_) • August 8, 2025 Image: Rokas Tenys/Shutterstock OpenAI has officially launched its latest AI model, GPT-5, making…
Date: Aug 09, 2025
Category: Vulnerability / Enterprise Security
Cybersecurity researchers have uncovered a series of serious vulnerabilities in the secure vault systems of CyberArk and HashiCorp. These flaws can potentially allow remote attackers to infiltrate corporate identity systems, extracting sensitive information and tokens. Identified collectively as “Vault Fault,” the 14 vulnerabilities impact CyberArk’s Secrets Manager, Self-Hosted, and Conjur Open Source, as well as HashiCorp Vault, as detailed in a report from identity security firm Cyata.
Following responsible disclosure in May 2025, the vulnerabilities have been addressed in the following updates:
The vulnerabilities include serious issues such as authentication bypasses, impersonation, privilege escalation, code execution pathways, and root token theft. The most critical flaw allows for remote code execution, posing a significant threat to security.
CyberArk and HashiCorp Vulnerabilities Expose Corporate Vaults to Remote Takeover August 9, 2025—In a significant cybersecurity alert, researchers have identified a series of vulnerabilities in the enterprise secure vaults offered by CyberArk and HashiCorp. These vulnerabilities, totaling 14 and collectively…
Google has confirmed a significant hacking incident. SOPA Images/LightRocket via Getty Images Update, August 9, 2025: This report has been updated to reflect new insights from cybersecurity experts on the confirmed breach involving Google, elaborating on the compromised user data…
Cybersecurity researchers have uncovered a new hacking technique that exploits vulnerabilities in eSIM technology, putting users at significant risk. This issue particularly affects the Kigen eUICC card, with over two billion IoT device SIMs activated as of December 2020, according to the Irish company’s website. The findings come from Security Explorations, a research lab affiliated with AG Security Research, which was awarded a $30,000 bounty by Kigen for their report. An eSIM, or embedded SIM, is a digital SIM card integrated into a device via software on an Embedded Universal Integrated Circuit Card (eUICC) chip. eSIMs enable users to activate cellular plans without needing a physical SIM card, while eUICC software facilitates the installation of operator profiles, remote provisioning, and SIM profile management.
eSIM Vulnerability in eUICC Cards Threatens Billions of IoT Devices to Cyber Attacks In a significant cybersecurity breakthrough, researchers have unveiled a vulnerability within the eSIM technology that could expose billions of Internet of Things (IoT) devices to malicious attacks.…
THN Weekly Roundup: Key Cybersecurity Threats, Tools, and Practices (Nov 4 – Nov 10)
📅 Published: November 11, 2024
Category: Cybersecurity / Hacking News
⚠️ Picture this: the tools you rely on for online security—two-factor authentication, your car’s tech, and even your security software—have become covert accomplices for hackers. Sounds like a suspenseful plot, right? Yet, in 2024, this is the startling reality of cyber threats. Today’s adversaries are leveraging our trusted resources as hidden gateways, evading defenses without leaving a trace. For financial institutions, this development is particularly concerning. Modern malware doesn’t just compromise codes; it undermines the very trust that underpins digital banking. These advanced threats often stay one step ahead of our protective measures.
Moreover, critical infrastructure in our cities is under siege. Cybercriminals are infiltrating the very tools that operate these essential services, making detection and prevention increasingly challenging. It’s a tense game of cat and mouse, where every action heightens the stakes. As these threats escalate, let’s explore …
THN Recap: Key Cybersecurity Threats, Tools, and Practices (Nov 04 – Nov 10) Published: Nov 11, 2024 Category: Cybersecurity / Hacking News This week, the landscape of cybersecurity has taken a concerning turn as trusted protection tools are being exploited…
