Chrome 138 and Firefox 140 are rolling out with fixes for two dozen vulnerabilities, including high-severity memory safety issues. The post Chrome 138, Firefox 140 Patch Multiple Vulnerabilities appeared first on SecurityWeek.
Cyberattackers often view small and medium-sized businesses (SMBs) as easier targets, assuming their security measures are less robust than those of larger enterprises. In fact, attacks through contractors, also known as trusted relationship attacks, remain one of the top three methods used to breach corporate networks. With SMBs generally being less protectedRead More »AI and collaboration tools: how cyberattackers are targeting SMBs in 2025
Mainline Health and Select Medical Holdings have suffered data breaches that affect more than 100,000 individuals. The post Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People appeared first on SecurityWeek.
Unknown threat actors have been distributing a trojanized version of SonicWall’s SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. “NetExtender enables remote users to securely connect and run applications on the company network,” SonicWall researcher Sravan Ganachari said. “Users can upload and downloadRead More »SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times.Read More »North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages
Russia-linked APT28 deployed new malware against Ukrainian government targets through malicious documents sent via Signal chats. The post Russian APT Hits Ukrainian Government With New Malware via Signal appeared first on SecurityWeek.
Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud. The development comes ahead of the tech giant’s upcoming October 14, 2025, deadline, whenRead More »Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options
The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa application review isRead More »New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public
Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process, Akamai said in a new report published today. “We developed two techniques by leveragingRead More »Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue
Siemens is working with Microsoft to address a Defender Antivirus problem that can lead to no malware alerts or plant disruptions. The post Siemens Notifies Customers of Microsoft Defender Antivirus Issue appeared first on SecurityWeek.
