Two Biden-era memorandums have been revoked, but some of the resources they provide can still be used by government organizations. The post White House Scraps ‘Burdensome’ Software Security Rules appeared first on SecurityWeek.
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets inRead More »China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification of cybercrime have compelledRead More »Badges, Bytes and Blackmail
Android users were lured to applications that served a malicious payload hosted in a Hugging Face repository. The post Hugging Face Abused to Deploy Android RAT appeared first on SecurityWeek.
Sandworm/Electrum hackers targeted communication and control systems at 30 sites. The post ICS Devices Bricked Following Russia-Linked Intrusion Into Polish Power Grid appeared first on SecurityWeek.
The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.
A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionageRead More »Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. “SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code executionRead More »SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog. The critical-severity vulnerabilities areRead More »Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Impacting Anthropic’s official MCP server, the vulnerabilities can be exploited through prompt injections. The post Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure appeared first on SecurityWeek.
