Amazon threat intelligence experts have documented two cases in which Iran leveraged hacking to prepare for kinetic attacks. The post Amazon Details Iran’s Cyber-Enabled Kinetic Attacks Linking Digital Spying to Physical Strikes appeared first on SecurityWeek.
The cybersecurity company has launched Digital Security Teammate (DST), AI agents that investigate, triage, and escalate incidents when needed. The post Secure.com Raises $4.5 Million for Agentic Security appeared first on SecurityWeek.
A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed inRead More »Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. “It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowingRead More »Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
.webp?t=1763565766)
On Tuesday, November 18, Cloudfare experienced an outage that led to several websites being slow to load or completely unavailable. The outage affected programs such at ChatGPT, X, and local government websites.
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu networkRead More »The Cloudflare Outage May Be a Security Roadmap
The cybersecurity startup will use the funds to expand its engineering team, extend collaborations, and get ready for enterprise rollout. The post Mate Emerges From Stealth Mode With $15.5 Million in Seed Funding appeared first on SecurityWeek.
Threat actors are abusing Ray’s lack of authentication to compromise exposed clusters and deploy LLM-generated payloads and cryptocurrency miners. The post Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign appeared first on SecurityWeek.
A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network. The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard’s STRIKE team. Southeast Asia and European countries areRead More »WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000s was supposed to prevent. This is the talk.Read More »Legal Restrictions on Vulnerability Disclosure
