A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity “reveals a notable evolution in SideWinder’sRead More »SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats
Introduction Primarily focused on financial gain since its appearance, BlueNoroff (aka. Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444) has adopted new infiltration strategies and malware sets over time, but it still targets blockchain developers, C-level executives, and managers within the Web3/blockchain industry as part of its SnatchCrypto operation.Read More »Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access to the service. To that end, users are being asked to complete the re-enrollment, either using their existing security keyRead More »X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts
Chainguard has raised $636 million in the past six months alone for its software supply chain security solutions. The post Chainguard Raises $280 Million in Growth Funding appeared first on SecurityWeek.
I assume I don’t have to explain last week’s Louvre jewel heist. I love a good caper, and have (like many others) eagerly followed the details. An electric ladder to a second-floor window, an angle grinder to get into the room and the display cases, security guards there more toRead More »Louvre Jewel Heist
Cybersecurity researchers have discovered a new vulnerability in OpenAI’s ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant’s memory and run arbitrary code. “This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deployRead More »New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands
The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers. The post Massive China-Linked Smishing Campaign Leveraged 194,000 Domains appeared first on SecurityWeek.
Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity,Read More »⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
All new extensions will be required to declare their data collection practices in their manifest file using a specific key. The post New Firefox Extensions Required to Disclose Data Collection Practices appeared first on SecurityWeek.
Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws: Operating from their base in Jakarta, where permissive export laws have allowed their surveillance business to flourish, First Wap’s European founders and executives have quietly built a phone-tracking empire, with aRead More »First Wap: A Surveillance Computer You’ve Never Heard Of
