SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.
Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing.
Read more…
Source: SC Media
Related:
- Konica Minolta bizhub Multifunction Printer: Pass-Back Attack Vulnerability (NOT FIXED)
June 30, 2025
During security testing, Rapid7 discovered that Konica Minolta bizhub 227 Multifunction printers (MFPs) were vulnerable to a pass-back attack. The affected products identified were: Konica Minolta bizhub MFPs Firmware Version: GCQ-Y3 and earlier This issue has been assigned the following CVEs: CVE-2025-6081: LDAP pass-back vulnerability The Konica Minolta bizhub Multifunction printer (MFP) is an all-in-one enterprise printer designed ...
- Bluetooth security flaw could let hackers spy on your device via microphone
June 30, 2025
Security researchers have uncovered three vulnerabilities in a Bluetooth chipset present in dozens of devices from multiple manufacturers. The vulnerabilities, they say, can be exploited to eavesdrop on people’s conversations, steal call history and contacts information, and possibly even deploy malware on vulnerable devices. However, exploiting the flaws for these purposes is quite difficult, so practical ...
- Hackers hijacked hundreds of devices in an outlandish intel campaign aimed at US and Asian targets
June 29, 2025
A recently disclosed cyber espionage operation, dubbed LapDogs, has drawn scrutiny following revelations from SecurityScorecard’s Strike Team. The operation, believed to be conducted by China-aligned threat actors, has quietly infiltrated over 1,000 devices across the United States, Japan, South Korea, Taiwan, and Hong Kong. What makes this campaign distinctive is its use of hijacked SOHO routers ...
- Hacktivist groups led a massive surge in DDoS on US businesses following an attack on Iran
June 28, 2025
An abrupt and massive rise in Distributed Denial of Service (DDoS) attacks against U.S. businesses has coincided with Washington’s involvement in the Israel-Iran conflict. According to Radware’s Director of Threat Intelligence, Pascal Geenens, between June 21 and 22, 2025, hacktivist-led DDoS claims surged by 800%. This dramatic increase was paralleled by a 900% drop in ...
- FBI, cybersecurity firms say a prolific hacking crew is now targeting airlines and the transportation sector
June 28, 2025
The FBI and cybersecurity firms are warning that the prolific hacking group known as Scattered Spider is now targeting airlines and the transportation sector. In a brief statement on Friday shared with TechCrunch, the FBI said it had “recently observed” cyberattacks resembling Scattered Spider to include the airline sector. Executives from Google’s cybersecurity unit Mandiant and ...
- AI Goes on Offense: How LLMs Are Redefining the Cybercrime Landscape
June 26, 2025
In their last blog, Rapid7 explored the broader rise of AI-enabled threats across ransomware, phishing, and nation-state operations. Now, they’re narrowing in on a specific piece of that evolution: how cybercriminals are using large language models to scale and automate their tactics. AI in cybersecurity is no longer experimental. It’s embedded in workflows, transforming everything from ...