Former CIA Analyst Unlawfully Transmits National Defense Data, Sentenced to Prison
A former CIA analyst was sentenced to three years and one month in prison for transmitting sensitive data.
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Cybersecurity researchers are calling attention to a “large-scale campaign” that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an “esoteric and educational programming style” that uses only a limited set ofRead More »Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost
Noteworthy stories that might have slipped under the radar: Cloudflare outage not caused by cyberattack, Dutch police identified 126 users of Cracked.io, the Victoria’s Secret cyberattack has cost $10 million. The post In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost appeared first on SecurityWeek.
TeamFiltration Abused in Entra ID Account Takeover Campaign
Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts. The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.
40,000 IoT Security Cameras Are Exposed Online
Research shows that more than 40,000 security cameras across the globe are exposed to the internet.
Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday
Industry professionals comment on the Trump administration’s new executive order on cybersecurity. The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. “This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp
SimpleHelp Vulnerability Exploited Against Utility Billing Software Users
CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers. The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.
CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
Introduction: Security at a Tipping Point Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today’s threat landscape doesn’t play by those rules. The sheer volume of telemetry, overlapping tools, and automated alerts has pushed traditional SOCsRead More »CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
Paragon Spyware Used to Spy on European Journalists
Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users wereRead More »Paragon Spyware Used to Spy on European Journalists