The Miljödata data breach has impacted numerous organizations, education institutions, and Swedish municipalities. The post Volvo Group Employee Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Introduction The modern development world is almost entirely dependent on third-party modules. While this certainly speeds up development, it also creates a massive attack surface for end users, since anyone can create these components. It is no surprise that malicious modules are becoming more common. When a single maintainer accountRead More »Massive npm infection: the Shai-Hulud worm and patient zero
The security defect allows remote attackers with administrative privileges to execute arbitrary code as the root user. The post Cisco Patches Zero-Day Flaw Affecting Routers and Switches appeared first on SecurityWeek.
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code. The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads inRead More »Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances. The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, addingRead More »Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
More than 5 million records were exposed in an online database.
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor. Recorded Future, which was tracking the activity under the moniker TAG-100, has now graduatedRead More »Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM. The activity, attributed to UNC5221 and closely related, suspected China-nexus threat clusters, isRead More »UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Boyd Gaming has informed the SEC about a data breach affecting the information of employees and other individuals. The post Hackers Target Casino Operator Boyd Gaming appeared first on SecurityWeek.
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks. The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below – CVE-2025-10643 (CVSS score: 9.1) – An authenticationRead More »Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
