Spanish Energy Company Endesa Hacked
Hackers stole complete customer information, including contact details, national identity numbers, and payment details. The post Spanish Energy Company Endesa Hacked appeared first on SecurityWeek.
New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. “The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed viaRead More »New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack
Security Leaders Discuss FBI Warning: North Korea Exploiting QR Codes
What security leaders are saying about the recent FBI warning.
Cyber Fraud Overtakes Ransomware as Top CEO Concern: WEF
Ransomware remains the biggest concern for CISOs in 2026, according to WEF’s Global Cybersecurity Outlook 2026 report. The post Cyber Fraud Overtakes Ransomware as Top CEO Concern: WEF appeared first on SecurityWeek.
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editorRead More »CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens
Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations targeting the n8n workflow automation platform to steal developers’ OAuth credentials. One such package, named “n8n-nodes-hfgjf-irtuinvcm-lasdqewriit,” mimics a Google Ads integration, and prompts users to link their advertising account in aRead More »n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens
Cyber Insights 2026: What CISOs Can Expect in 2026 and Beyond
Here we examine the CISO Outlook for 2026, with the purpose of evaluating what is happening now and preparing leaders for what lies ahead in 2026 and beyond. The post Cyber Insights 2026: What CISOs Can Expect in 2026 and Beyond appeared first on SecurityWeek.
Instagram Fixes Password Reset Vulnerability Amid User Data Leak
The social media platform confirmed that the issue allowed third parties to send password reset emails to Instagram users. The post Instagram Fixes Password Reset Vulnerability Amid User Data Leak appeared first on SecurityWeek.
⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance. Scale amplified the damage. ARead More »⚡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
Russia’s APT28 Targeting Energy Research, Defense Collaboration Entities
APT28 was seen impersonating popular webmail and VPN services, including Microsoft OWA, Google, and Sophos VPN portals. The post Russia’s APT28 Targeting Energy Research, Defense Collaboration Entities appeared first on SecurityWeek.