Tech Affare

Author: chouaibcher@gmail.com

  • CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

    CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

    The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months.
    The agency said the move is to drive down technical debt and minimize​Read More

  • German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

    German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

    The Hacker NewsGermany’s Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app.
    “The focus is on high-ranking targets in​Read More

  • OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

    OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

    The Hacker NewsOpenClaw (formerly Moltbot and Clawdbot) has announced that it’s partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem.
    “All skills published to ClawHub are now scanned using VirusTotal’s threat intelligence, including their new Code Insight capability,”​Read More

  • Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

    Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

    The Hacker NewsFortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems.
    The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0.

    “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may​Read More

  • China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

    China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

    The Hacker NewsThe Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector.
    “UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore’s telecommunications sector,” CSA said. “All four of Singapore’s major telecommunications operators (‘telcos’) – M1, SIMBA Telecom, Singtel, and​Read More

  • SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

    SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

    The Hacker NewsMicrosoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets.
    That said, the Microsoft Defender Security Research Team said it’s not clear whether the activity weaponized recently​Read More

  • ⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

    ⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

    The Hacker NewsCyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths.
    A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even​Read More

  • How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

    How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

    The Hacker NewsWhy do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool onto the workflow, but giving their teams faster, clearer​Read More

  • North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

    North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

    The Hacker NewsThe North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft.
    “The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated​Read More

  • DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

    DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

    The Hacker NewsThe information technology (IT) workers associated with the Democratic People’s Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they’re impersonating, marking a new escalation of the fraudulent scheme.
    “These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent​Read More