The United States on Tuesday imposed sanctions on a group of bankers, financial institutions and others accused of laundering money from cyber crime schemes — money the Treasury Department says helps pay for North Korea’s nuclear weapons program. Over the past three years, North Korean malware and social engineering schemesRead More »US Sanctions North Korean Bankers Accused of Laundering Stolen Cryptocurrency
A critical vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703, allows remote, unauthenticated command execution. The post CISA Warns of CWP Vulnerability Exploited in the Wild appeared first on SecurityWeek.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below – CVE-2025-11371 (CVSS score: 7.5) – ARead More »CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. “Since its debut, the group’s Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name –Read More »A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces
Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux. The post Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks appeared first on SecurityWeek.
The University of Pennsylvania experienced a cyber incident in which a series of mass emails were sent to students, parents, faculty and alumni.
Nine people have been arrested in connection with a coordinated law enforcement operation that targeted a cryptocurrency money laundering network that defrauded victims of €600 million (~$688 million). According to a statement released by Eurojust today, the action took place between October 27 and 29 across Cyprus, Spain, and Germany,Read More »Europol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global Sweep
Threat actors engage in elaborate attack chains to infect trucking and logistics companies with remote access tools. The post Transportation Companies Hacked to Steal Cargo appeared first on SecurityWeek.
Details have emerged about a now-patched critical security flaw in the popular “@react-native-community/cli” npm package that could be potentially exploited to run malicious operating system (OS) commands under certain conditions. “The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s
For Agarwal, being a hacker is not what you do, but who you are; that is, someone who always questions the status quo and questions how it could be different. The post Hacker Conversations: Kunal Agarwal and the DNA of a Hacker appeared first on SecurityWeek.
