A threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet firewalls. The post Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit appeared first on SecurityWeek.

Organizations in the healthcare and pharmaceutical sectors have been targeted with ResolverRAT, a new malware family with advanced capabilities. The post New ‘ResolverRAT’ Targeting Healthcare, Pharmaceutical Organizations appeared first on SecurityWeek.

Researchers uncover new software supply chain threat from LLM-generated package hallucinations. The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek.

The Wall Street Journal has the story: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese delegation linkedRead More »China Sort of Admits to Being Behind Volt Typhoon

Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. The post Malicious NPM Packages Target Cryptocurrency, PayPal Users appeared first on SecurityWeek.

The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices. The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.

The hackers who posted the documents on Telegram said the attack was in response to alleged Moroccan “harassment” of Algeria on social media platforms. The post Hackers Breach Morocco’s Social Security Database appeared first on SecurityWeek.

A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild. The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Scattered Spider still active despite arrests, hacker known as EncryptHub unmasked, Rydox admins extradited to US.  The post In Other News: Scattered Spider Still Active, EncryptHub Unmasked, Rydox Extraditions appeared first on SecurityWeek.