Discover a wonderful selection of rare and collectible books, used copies, signed and first editions and more, from booksellers located around the world.

Security researchers have attributed the attempted use of destructive "wiper" malware across Poland's energy infrastructure in late December to a Russian-backed hacking group known for causing power o...

A cyberattack targeting Poland's power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack..

View post on Reddit.

An urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-33206, has been rated as High severity with a CVSS score of 7.8. The vulnerability in NVIDIA NSIGHT Graphics for Linux allows attackers to inject commands . A successful exploit could result in unauthorized code execution, privilege escalation, data tampering, or denial-of-service attacks. The vulnerability requires local access and user interaction to trigger. However, it presents a significant risk to development and graphics-related workloads. CVE ID CVSS Attack Vector Impact Affected Platform Vulnerable Versions CVE-2025-33206 7.8 Local Code execution, privilege escalation, data tampering, DoS Linux All versions before 2025.5 The weakness stems from improper input validation in command processing, classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command). Attackers with local system access could craft malicious inputs to escape intended command contexts and execute arbitrary system commands with elevated privileges. The attack requires local access and user interaction (UI: R), meaning an attacker must trick a user into performing a specific action. However, once triggered, the vulnerability grants unauthorized code execution capabilities with high impact on confidentiality, integrity, and availability. Affected Systems and Patching All versions of NVIDIA NSIGHT Graphics for Linux before version 2025.5 are vulnerable. Organizations running NSIGHT Graphics must immediately upgrade to version 2025.5 or later to remediate the vulnerability. Users should immediately download and install NVIDIA NSIGHT Graphics 2025.5 from the official NVIDIA developer portal. Until patches can be deployed, organizations should restrict local access to systems running vulnerable versions and implement the principle of least privilege. Additional details and the latest security bulletins are available on NVIDIA’s official Product Security page , which also provides subscription options for security notifications. Follow us on Google News , LinkedIn , and X for daily cybersecurity updates. Contact us to feature your stories. The post NVIDIA NSIGHT Graphics for Linux Vulnerability Allows Code Execution Attacks appeared first on Cyber Security News .

Threat actors are leveraging a dangerous new campaign that weaponizes ordinary-looking shipping documents to distribute Remcos, a powerful remote access trojan. This phishing scheme uses fake shipping emails as the entry point, tricking users into opening malicious Word documents disguised as legitimate cargo documentation. Once a victim opens the document, the attack chain begins silently, compromising the system without visible warning. The malware delivers a commercial-grade remote access tool capable of taking complete control of infected machines. The Remcos variant identified in this campaign represents a particularly troubling advancement in attack sophistication. Unlike traditional malware that leaves obvious traces, this version operates in a fileless manner, meaning it executes entirely in system memory without writing suspicious files to disk. This stealthy approach makes detection significantly harder for security teams relying on traditional file-based threat detection. The campaign specifically targets Windows users and represents a high-severity risk to any organization that hasn’t implemented robust email security measures. The Remcos variant infection chain (Source – Fortinet) Fortinet analysts identified the malware after discovering the phishing emails being sent in the wild. The security researchers documented how attackers crafted the shipping document emails with authentic-looking branding and reference numbers to maximize the chances of victims opening the attachments. Once opened in Microsoft Word, the document automatically fetches a malicious template from a remote server, triggering a chain of exploits that ultimately installs Remcos on the target system. The phishing email contents (Source – Fortinet) The attack uses a known but still-critical vulnerability called CVE-2017-11882 in the Microsoft Equation Editor. When the downloaded template file is processed, it contains specially crafted data designed to crash the Equation Editor in a controlled way. This crash allows attackers to execute arbitrary code with the same permissions as the Word application, providing a perfect launching point for the malware installation process. Infection Chain and Persistence Mechanisms The way this malware achieves persistence demonstrates careful engineering by the attackers. After the initial exploitation, the attack downloads a Visual Basic Script that further downloads a .NET module. This module is then loaded into a PowerShell process where it operates invisibly. Decrypted SETTINGS data (Source – Fortinet) The Remcos agent itself masquerades as a legitimate Windows utility file called colorcpl.exe, which helps it blend into normal system operations. To ensure the malware survives system reboots, the threat actors leverage Windows Task Scheduler to create scheduled tasks that relaunch the malware whenever the infected computer starts. The most concerning aspect is the range of capabilities this RAT provides once installed. Remcos can capture screenshots, record keystrokes, monitor microphone and camera input, and access sensitive files stored on the infected machine. Remcos Control Center interface (Source – Fortinet) It can establish connections back to command-and-control servers at 216.9.224.26:51010, allowing attackers to issue remote commands . The malware uses Transport Layer Security encryption to protect its communication with attackers, making network-based detection even more difficult. Organizations discovered with Remcos infections face complete system compromise, as attackers gain administrative-level remote control over their Windows infrastructure. Follow us on  Google News ,  LinkedIn , and  X  to Get More Instant Updates ,  Set CSN as a Preferred Source in  Google . The post Beware of Weaponized Shipping Documents that Deliver Remcos RAT with a Wide Range of Capabilities appeared first on Cyber Security News .

Universal infrastructure monitoring tool - Scan for exposed ICS/SCADA, IoT devices, and critical infrastructure using Shodan and multiple threat intelligence sources - dfrye120/WatchTower

YouTube video by Dan Frye

For years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious—and effective—than ever.

In the coming weeks, the shelves at dozens of food pantries in California’s Fresno County will be a little emptier. Visitors won’t be able to take home as many groceries, and their bags will contain f...

Cyber threats targeting the energy sector are increasing, driven by a host of geopolitical and technological factors.