Ransomware incidents reached record levels in 2024
An analysis of global ransomware activity reveals ransomware incidents reached record levels in 2024.
The SOC files: Chasing the web shell
Web shells have evolved far beyond their original purpose of basic remote command execution, and many now function more like lightweight exploitation frameworks. These tools often include features such as in-memory module execution and encrypted command-and-control (C2) communication, giving attackers flexibility while minimizing their footprint. This article walks through aRead More »The SOC files: Chasing the web shell
26 New Threat Groups Spotted in 2024: CrowdStrike
CrowdStrike has published its 2025 Global Threat Report, which warns of faster breakout time and an increase in Chinese activity. The post 26 New Threat Groups Spotted in 2024: CrowdStrike appeared first on SecurityWeek.
“Emergent Misalignment” in LLMs
Interesting research: “Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs“: Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts thatRead More »“Emergent Misalignment” in LLMs
Hacker Behind Over 90 Data Leaks Arrested in Thailand
A Singaporean man accused of being a hacker responsible for over 90 data leaks has been arrested in Thailand. The post Hacker Behind Over 90 Data Leaks Arrested in Thailand appeared first on SecurityWeek.
MITRE Caldera security advisory warns of maximum severity flaw
MITRE Caldera security advisory warns of maximum severity flaw, and experts weigh share their insights.
The Hidden Cost of Compliance: When Regulations Weaken Security
The current state of regulation and the overwhelming burden it brings to most enterprises is a discussion worth having The post The Hidden Cost of Compliance: When Regulations Weaken Security appeared first on SecurityWeek.
Sites of Major Orgs Abused in Spam Campaign Exploiting Virtual Tour Software Flaw
XSS vulnerability allowed a threat actor to redirect users to arbitrary domains. The post Sites of Major Orgs Abused in Spam Campaign Exploiting Virtual Tour Software Flaw appeared first on SecurityWeek.
U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” prosecutors in the case said Wednesday. The government disclosed the details in a court motion toRead More »U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
Now Live: Ransomware Resilience & Recovery Summit – Join the Virtual Event In-Progress
SecurityWeek’s 2025 Ransomware Resilience & Recovery Summit takes place today, February 26th, as a fully immersive virtual event. The post Now Live: Ransomware Resilience & Recovery Summit – Join the Virtual Event In-Progress appeared first on SecurityWeek.