Critical OpenSSH Vulnerabilities Could Enable Traffic Interception and Service Disruption
Qualys researchers uncover two serious security flaws in OpenSSH that could allow attackers to perform man-in-the-middle attacks and cause system crashes. The vulnerabilities affect multiple versions of this widely-used secure networking tool, prompting urgent patches and mitigation recommendations.
AI-Generated Optical Illusions: A New Frontier in Human-Bot Detection
Researchers have developed AI-powered optical illusions that can effectively distinguish between human users and automated bots, potentially revolutionizing website security. This innovative approach leverages human visual perception patterns to create puzzles that confound AI systems while remaining solvable by humans.
Hidden Data in Emojis: Engineer Reveals Unicode Steganography Technique
A software engineer has discovered how to embed secret data within emoji using Unicode variation selectors, raising security concerns. The technique could enable message tracking and bypass content moderation while remaining invisible to human readers.
Russian Hackers Exploit Microsoft Device Code Authentication to Target M365 Accounts
Security researchers uncover sophisticated Russian threat actors using Microsoft's legitimate Device Code Authentication to compromise M365 accounts of government organizations and NGOs. The attack leverages social engineering and authentic Microsoft domains to bypass traditional security measures.
Cyber Espionage Targets Military Drone Systems Amid Global Conflicts
Recent investigations uncover an alarming increase in cyberattacks targeting drone and counter-drone technologies during major conflicts like the Russia-Ukraine war. State-sponsored actors and cybercriminals are pursuing sensitive military data while tracking buyers and targeting drone specialists.
Critical Windows Security Update Patches 55 Flaws, Including Two Active Exploits
Microsoft's February 2025 Patch Tuesday addresses 55 security vulnerabilities in Windows systems, with two zero-day flaws already exploited by hackers. The update fixes multiple critical issues including remote code execution and privilege elevation vulnerabilities.
Password Manager Attacks Triple as Cybercriminals Deploy Advanced Malware
New research reveals malware targeting password storage systems now accounts for 25% of all variants, with attacks becoming increasingly sophisticated. Security experts recommend combining password managers with multi-factor authentication while maintaining their value as an essential security tool.
Massive Botnet Deploys 2.8M IPs in Global VPN Infrastructure Attack
A massive cyber attack campaign utilizing 2.8 million compromised IP addresses is targeting major VPN and security devices worldwide through automated brute force attempts. The attack, largely originating from US-based IPs, employs a botnet of hijacked consumer routers to route malicious traffic through organizational networks.
Browser Syncjacking: The New Chrome Extension Attack That Gives Hackers Full Device Control
A dangerous new cyberattack method called 'browser syncjacking' exploits Chrome extensions to give attackers complete control of victims' computers. The attack uses legitimate-looking extensions and Google sync features to steal sensitive data and establish backdoor access.
US Lawmakers Move to Ban Chinese AI App DeepSeek from Government Devices
A bipartisan bill aims to prohibit federal employees from using DeepSeek on government devices due to national security concerns about data collection by China. The legislation follows discoveries of code that could transmit user data to China Telecom and mirrors similar restrictions in other countries.