Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments accordingly. ArrivingRead More »Digital Threat Modeling Under Authoritarianism
The malware now uses a four-stage infection chain, has an additional persistence mechanism, and also targets Firefox browser data. The post New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions appeared first on SecurityWeek.
Cybersecurity company watchTowr Labs has disclosed that it has “credible evidence” of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed. “This is not ‘just’ a CVSS 10.0 flawRead More »Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. “This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms,” the Microsoft Threat Intelligence team said in a Thursday report. “ItRead More »New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account. The post Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
Leading to remote code execution and privilege escalation, the flaws were exploited on Cisco ASA 5500-X series devices that lack secure boot. The post Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks appeared first on SecurityWeek.
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. “The RayInitiator and LINE VIPER malware represent a significant evolution on thatRead More »Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
Cloud-native application protection platform (CNAPP) not only helps organizations protect, but offers the flexibility of multi-cloud.
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild. The zero-day vulnerabilities in question are listed below – CVE-2025-20333Read More »Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
/* ===== Container ===== */ .td-wrap {} /* ===== Section ===== */ .td-section { } .td-title { margin: 16px 0 4px; font-size: 32px; line-height: 1.2; font-weight: 800; } .td-subtitle { margin: 0 0 24px; color: #64748b; font-size: 16px; } /* ===== Timeline ===== */ .td-timeline { position: relative; margin: 0Read More »Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
