- Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theftby info@thehackernews.com (The Hacker News) on 06/08/2025 at 20:30
Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the
- Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scamsby info@thehackernews.com (The Hacker News) on 06/08/2025 at 20:00
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive
- AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Revealsby info@thehackernews.com (The Hacker News) on 06/08/2025 at 11:00
As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs. How are
- Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Toolsby info@thehackernews.com (The Hacker News) on 06/08/2025 at 10:36
Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system "automates what is considered the gold
- Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systemsby info@thehackernews.com (The Hacker News) on 06/08/2025 at 08:57
Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws. "A vulnerability in Trend Micro