The vulnerabilities allow attackers to predict source ports and query IDs BIND will use, and to inject forged records into the cache. The post BIND Updates Address High-Severity Cache Poisoning Flaws appeared first on SecurityWeek.
The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog. The post Lanscope Endpoint Manager Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Verizon’s 2025 Mobile Security Index shows that 85% of organizations believe mobile device attacks are on the rise. The post Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm appeared first on SecurityWeek.
Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. “Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards,”Read More »“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours. The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1),Read More »Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager,Read More »Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms
Trend™ Research identified a sophisticated Agenda ransomware attack that deployed a Linux variant on Windows systems. This cross-platform execution can make detection challenging for enterprises.
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada’s anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was homeRead More »Canada Fines Cybercrime Friendly Cryptomus $176M
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities. The end goal of the campaignRead More »Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross,Read More »Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
