ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
by info@thehackernews.com (The Hacker News) on July 10, 2025 at 7:24 am
A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike. "A vulnerability has
Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
by info@thehackernews.com (The Hacker News) on July 9, 2025 at 4:26 pm
The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045, where "TGR" stands for "temporary group" and "CRI" refers to criminal motivation.
DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware
by info@thehackernews.com (The Hacker News) on July 9, 2025 at 1:28 pm
A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat (APT) group called DoNot Team, which is also known as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and
U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
by info@thehackernews.com (The Hacker News) on July 9, 2025 at 11:25 am
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of Jilin, enabled the fraudulent operation by using
How To Automate Ticket Creation, Device Identification and Threat Triage With Tines
by info@thehackernews.com (The Hacker News) on July 9, 2025 at 11:00 am
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at