A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild. The post Recent SAP S/4HANA Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects aRead More »VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor “is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word,” S2 Grupo’sRead More »Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan andRead More »GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
The Pennsylvania Office of Attorney General was the victim of a ransomware attack.
Security researchers interested in participating in the 2026 Apple Security Research Device program can apply until October 31. The post Apple Seeks Researchers for 2026 iPhone Security Program appeared first on SecurityWeek.
Jaguar Land Rover experienced a cyber incident that has impacted business operations.
An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution. The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek.
Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries. The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek.
The Israeli startup’s AI-powered no-code platform helps security teams design and deploy custom apps in minutes—tackling tool sprawl without heavy engineering. The post Sola Security Raises $35M to Bring No-Code App Building to Cybersecurity Teams appeared first on SecurityWeek.
