Premier industrial cybersecurity conference Offers 70+ sessions, five training courses, and and ICS Village CTF competition. The post SecurityWeek to Host 2025 ICS Cybersecurity Conference October 27-30 in Atlanta appeared first on SecurityWeek.
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a “highly sophisticated nation-state threat actor,” adding the adversary maintained long-term, persistentRead More »F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
F5 shared few details on the threat actor, but the attack profile seems to point to China. The post F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data appeared first on SecurityWeek.
Get practical guidance to protect APIs against the threats attackers are using right now. The post Webinar Today: Fact vs. Fiction – The Truth About API Security appeared first on SecurityWeek.
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. “A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attackerRead More »Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
After being named by Discord as the third-party responsible for the breach, 5CA said none of its systems were involved. The post Customer Service Firm 5CA Denies Responsibility for Discord Data Breach appeared first on SecurityWeek.
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless,Read More »Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution
TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure. Adversary-in-the-middle (AiTM) kits can forceRead More »How Attackers Bypass Synced Passkeys
Over 20 advisories have been published by industrial giants this Patch Tuesday. The post ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact appeared first on SecurityWeek.
Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards. We’reRead More »Apple’s Bug Bounty Program
