Security Leaders Share Why 77% Organizations Lose Data Due to Insider Risks
77% of organizations have experienced insider-related data loss in the last 18 months.
In Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach
Other noteworthy stories that might have slipped under the radar: Capita fined £14 million, ICTBroadcast vulnerability exploited, Spyware maker NSO acquired. The post In Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach appeared first on SecurityWeek.
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That’s according to new findings from Cisco Talos, which said recent campaigns undertaken by theRead More »North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
Over $3 Million in Prizes Offered at Pwn2Own Automotive 2026
Set for January 2026 at Automotive World in Tokyo, the contest will have six categories, including Tesla, infotainment systems, EV chargers, and automotive OSes. The post Over $3 Million in Prizes Offered at Pwn2Own Automotive 2026 appeared first on SecurityWeek.
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies for customerRead More »Email Bombs Exploit Lax Authentication in Zendesk
Hackers Steal Sensitive Data From Auction House Sotheby’s
Sotheby’s has disclosed a data breach impacting personal information, including SSNs. The post Hackers Steal Sensitive Data From Auction House Sotheby’s appeared first on SecurityWeek.
A Surprising Amount of Satellite Traffic Is Unencrypted
Here’s the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls andRead More »A Surprising Amount of Satellite Traffic Is Unencrypted
Identity Security: Your First and Last Line of Defense
The danger isn’t that AI agents have bad days — it’s that they never do. They execute faithfully, even when what they’re executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn’t some dystopian fantasy—it’s Tuesday at the officeRead More »Identity Security: Your First and Last Line of Defense
‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability
CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes. The post ‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability appeared first on SecurityWeek.
Post-exploitation framework now also delivered via npm
Incident description The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means. In October 2025, Kaspersky experts found that theRead More »Post-exploitation framework now also delivered via npm