The Japanese media giant says compromised Slack credentials were used to steal employee and business partner information. The post Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack appeared first on SecurityWeek.
A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. “UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation intoRead More »Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions
The gen-AI adoption management platform will invest the funds in accelerating growth and product innovations. The post Portal26 Raises $9 Million for Gen-AI Adoption Platform appeared first on SecurityWeek.
The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea’s global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. “North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,”Read More »U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud
Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have to be the norm. The path out isn’tRead More »Why SOC Burnout Can Be Avoided: Practical Steps
The United States on Tuesday imposed sanctions on a group of bankers, financial institutions and others accused of laundering money from cyber crime schemes — money the Treasury Department says helps pay for North Korea’s nuclear weapons program. Over the past three years, North Korean malware and social engineering schemesRead More »US Sanctions North Korean Bankers Accused of Laundering Stolen Cryptocurrency
A critical vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703, allows remote, unauthenticated command execution. The post CISA Warns of CWP Vulnerability Exploited in the Wild appeared first on SecurityWeek.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2025-11371 (CVSS score: 7.5) – ARead More »CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. “Since its debut, the group’s Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name –Read More »A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces
Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux. The post Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks appeared first on SecurityWeek.
