MokN Raises $3 Million for Phish-Back Solution
The French cybersecurity startup tricks attackers into revealing stolen credentials so they can be neutralized. The post MokN Raises $3 Million for Phish-Back Solution appeared first on SecurityWeek.
New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT
A threat actor that’s known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It’s also assessed to have commonalities with clustersRead More »New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT
Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks
The software giant’s investigation showed that vulnerabilities patched in July 2025 may be involved. The post Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks appeared first on SecurityWeek.
Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities
High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components. The post Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities appeared first on SecurityWeek.
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could resultRead More »CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
Red Hat Confirms GitLab Instance Hack, Data Theft
Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Hat services. The post Red Hat Confirms GitLab Instance Hack, Data Theft appeared first on SecurityWeek.
Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users
Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim’s contacts.
Daniel Miessler on the AI Attack/Defense Balance
His conclusion: Context wins Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest. And if you’reRead More »Daniel Miessler on the AI Attack/Defense Balance
Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. “Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries — especially in Pakistan – using spear-phishing andRead More »Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware
Many Attacks Aimed at EU Targeted OT, Says Cybersecurity Agency
ENISA has published its 2025 Threat Landscape report, highlighting some of the attacks aimed at OT systems. The post Many Attacks Aimed at EU Targeted OT, Says Cybersecurity Agency appeared first on SecurityWeek.