Chrome 142 Update Patches Exploited Zero-Day
The flaw was reported by Google’s Threat Analysis Group and was likely exploited by a commercial spyware vendor. The post Chrome 142 Update Patches Exploited Zero-Day appeared first on SecurityWeek.
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploitedRead More »Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT. The activity, observed this month, is being tracked by eSentire under the moniker EVALUSION. First spotted in June 2025, Amatera is assessed to be an evolution of ACR (short forRead More »New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Iranian Hackers Target Defense and Government Officials in Ongoing Campaign
The state-sponsored APT has been targeting the victims’ family members to increase pressure on their targets. The post Iranian Hackers Target Defense and Government Officials in Ongoing Campaign appeared first on SecurityWeek.
DoorDash Says Personal Information Stolen in Data Breach
Names, addresses, email addresses, and phone numbers were compromised after an employee fell for a social engineering attack. The post DoorDash Says Personal Information Stolen in Data Breach appeared first on SecurityWeek.
5 Plead Guilty in US to Helping North Korean IT Workers
Audricus Phagnasay, Jason Salazar, Alexander Paul Travis, Erick Ntekereze, and Oleksandr Didenko have pleaded guilty. The post 5 Plead Guilty in US to Helping North Korean IT Workers appeared first on SecurityWeek.
⚡ Weekly Recap: Fortinet Exploited, China’s AI Hacks, PhaaS Empire Falls & More
This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms. It’s not just about hacking anymore. Criminals areRead More »⚡ Weekly Recap: Fortinet Exploited, China’s AI Hacks, PhaaS Empire Falls & More
More Prompt||GTFO
The next three in this series on online events highlighting interesting uses of AI in cybersecurity are online: #4, #5, and #6. Well worth watching.
5 Reasons Why Attackers Are Phishing Over LinkedIn
Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps. LinkedIn in particular has become a hotbed for phishing attacks, and for good reason. Attackers are running sophisticated spear-phishing attacksRead More »5 Reasons Why Attackers Are Phishing Over LinkedIn
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google ChromeRead More »Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT