Columbia University has been targeted in a cyberattack where hackers stole the personal information of students, applicants, and employees. The post Columbia University Data Breach Impacts 860,000 appeared first on SecurityWeek.
Introduction In June, we encountered a mass mailing campaign impersonating lawyers from a major company. These emails falsely claimed the recipient’s domain name infringed on the sender’s rights. The messages contained the Efimer malicious script, designed to steal cryptocurrency. This script also includes additional functionality that helps attackers spread itRead More »Scammers mass-mailing the Efimer Trojan to steal crypto
Bouygues has been targeted in a cyberattack that resulted in the personal information of millions of customers getting compromised. The post French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers appeared first on SecurityWeek.
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcherRead More »GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. “The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access pointsRead More »SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
SonicWall has been investigating reports about a zero-day potentially being exploited in ransomware attacks, but found no evidence of a new vulnerability. The post SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability appeared first on SecurityWeek.
Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python PackageRead More »Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. “At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .techRead More »Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 3) appeared first on SecurityWeek.
Airlines Air France and KLM have disclosed a data breach stemming from unauthorized access to a third-party platform. The post Air France, KLM Say Hackers Accessed Customer Data appeared first on SecurityWeek.
