The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42. “Although these domains are registered through a Hong Kong-basedRead More »Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS thatRead More »Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available. The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek.
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to beRead More »APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
Shortly after the browser was launched, numerous fraudulent domains and fake applications were discovered. The post Hackers Target Perplexity Comet Browser Users appeared first on SecurityWeek.
Lazarus has used fake job offers in attacks targeting companies developing UAV technology, for information theft. The post North Korean Hackers Aim at European Drone Companies appeared first on SecurityWeek.
Other noteworthy stories that might have slipped under the radar: Everest group takes credit for Collins Aerospace hack, Maryland launches VDP, gamers targeted with red teaming tool and RAT. The post In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia appeared firstRead More »In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia
The customer information published on the dark web includes names, addresses, phone numbers, and email addresses. The post Toys ‘R’ Us Canada Customer Information Leaked Online appeared first on SecurityWeek.
Two people found the solution. They used the power of research, not cryptanalysis, finding clues amongst the Sanborn papers at the Smithsonian’s Archives of American Art. This comes as an awkward time, as Sanborn is auctioning off the solution. There were legal threats—I don’t understand their basis—and the solvers areRead More »Part Four of The Kryptos Sculpture
Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it. This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences whatRead More »The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
