Latest Cybersecurity News and Articles
03 October 2025
The French cybersecurity startup tricks attackers into revealing stolen credentials so they can be neutralized.
The post MokN Raises $3 Million for Phish-Back Solution appeared first on SecurityWeek.
03 October 2025
A threat actor that's known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT.
Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It's also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade Saiga,
03 October 2025
The software giant’s investigation showed that vulnerabilities patched in July 2025 may be involved.
The post Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks appeared first on SecurityWeek.
03 October 2025
High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components.
The post Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities appeared first on SecurityWeek.
03 October 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution.
"
03 October 2025
Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Hat services.
The post Red Hat Confirms GitLab Instance Hack, Data Theft appeared first on SecurityWeek.
02 October 2025
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor.
"Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries -- especially in Pakistan – using spear-phishing and malicious documents as initial
02 October 2025
ENISA has published its 2025 Threat Landscape report, highlighting some of the attacks aimed at OT systems.
The post Many Attacks Aimed at EU Targeted OT, Says Cybersecurity Agency appeared first on SecurityWeek.
02 October 2025
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.
The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first
02 October 2025
The Canadian airline fell victim to a cyberattack in June and has completed the analysis of stolen information.
The post 1.2 Million Impacted by WestJet Data Breach appeared first on SecurityWeek.
02 October 2025
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results.
The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to
02 October 2025
The hackers stole names, contact details, Social Security numbers, and driver’s license numbers in an August 19 ransomware attack.
The post 766,000 Impacted by Data Breach at Dealership Software Provider Motility appeared first on SecurityWeek.
02 October 2025
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions.
On the defense side, AI is stepping up to block ransomware in real
02 October 2025
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p.
The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite.
"This activity began on or
02 October 2025
The attack uses a passive interposer to control the SGX enclave and extract the DCAP attestation key, breaking the mechanism.
The post WireTap Attack Breaks Intel SGX Security appeared first on SecurityWeek.
02 October 2025
Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence.
The toughest challenges, however, aren’t the alerts that can be dismissed quickly, but the ones that hide
02 October 2025
The attackers are claiming to be affiliated with the notorious Cl0p ransomware group and links have been found to FIN11.
The post Cybercriminals Claim Theft of Data From Oracle E-Business Suite Customers appeared first on SecurityWeek.
02 October 2025
The company plans to triple its engineering and go‑to‑market teams and to accelerate its agentic AI platform.
The post Zania Raises $18 Million for AI-Powered GRC Platform appeared first on SecurityWeek.
02 October 2025
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to target users in the United Arab Emirates (U.A.E.).
Slovak cybersecurity company ESET said the malicious apps are distributed via fake websites and social engineering to trick unsuspecting users into downloading them. Once installed, both the spyware
02 October 2025
In July, hackers stole files containing names, addresses, dates of birth, and Social Security numbers from a cloud-based CRM.
The post 1.5 Million Impacted by Allianz Life Data Breach appeared first on SecurityWeek.