CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit Broadcom…
Category: EN
Data breach at govtech giant Conduent balloons, affecting millions more Americans
The ransomware attack at Conduent allowed hackers to steal a “significant number of individuals’ personal information” from the govtech giant’s systems. Conduent handles personal and health data of more than 100 million people across America. This article has been indexed…
Substack Discloses Security Incident After Hacker Leaks Data
The hacker claims to have stolen nearly 700,000 Substack user records, including email addresses and phone numbers. The post Substack Discloses Security Incident After Hacker Leaks Data appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Microsoft Unveils Backdoor Scanner for Open-Weight AI Models
Microsoft has introduced a new lightweight scanner designed to detect hidden backdoors in open‑weight large language models (LLMs), aiming to boost trust in artificial intelligence systems. The tool, built by the company’s AI Security team, focuses on subtle behavioral…
Makina Finance Loses $4M in ETH After Flash Loan Price Manipulation Exploit
One moment it was operating normally – then suddenly, price feeds went haywire. About 1,299 ETH vanished during what looked like routine activity. That sum now exceeds four million dollars in value. The trigger? A flash loan attack targeting…
OpenAI Frontier organizes AI agents under one system
OpenAI introduced Frontier, a platform designed to organize AI agents that perform business tasks within internal systems and workflows. The platform connects data from multiple internal systems including customer relationship management tools, ticketing platforms, and data warehouses. This integration creates…
Cyber Briefing: 2026.02.05
Zendesk abuse fuels spam, SolarWinds RCE exploited, AI and finance breaches mount, lawmakers target scam ads, and insider threats intensify. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.02.05
Common Crypto Scams and How to Protect Your Funds in 2026
Crypto scams are surging worldwide, from pig butchering to fake trading platforms and deepfakes, draining victims while fraud teams struggle to keep up. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
Godent Rolls Out Scanner-as-a-Service Model to Drive Digital Transformation in European Dentistry
Godent has announced the launch of its scanner-as-a-service program for European DSOs, combining free intraoral scanners with a fully integrated digital lab infrastructure to modernize dental workflows. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI…
n8n Flaw Puts Hundreds of Thousands of Enterprise AI Systems at Risk
A n8n sandbox escape flaw could allow any authenticated user to take over enterprise AI workflows at massive scale. The post n8n Flaw Puts Hundreds of Thousands of Enterprise AI Systems at Risk appeared first on eSecurity Planet. This article…
Substack confirms data breach affects users’ email addresses and phone numbers
Substack said that customer data was accessed in October 2025, but wasn’t discovered until early February. This article has been indexed from Security News | TechCrunch Read the original article: Substack confirms data breach affects users’ email addresses and phone…
Attackers allege 1.4TB data breach at Iron Mountain
The Everest ransomware group has claimed responsibility for the breach against the global information management and storage firm Iron Mountain, stating that it stole approximately 1.4 terabytes of the firm’s internal and customer data. The claims were made through the group’s posts on the…
Notepad++ Update Hijacked in Six-Month, State-Linked Supply-Chain Attack
Attackers have hijacked the update mechanism of Notepad++, one of the world’s most popular open-source text editors, delivering malware to targeted users over a period of six months. In an advisory, developer Don Ho discussed how bad actors weaponized his two-decade-old project between June and December last year. An…
Forescout’s 2025 Threat Roundup: 84% OT Surge Signals Expanding Cyber Chaos
In 2025, attackers didn’t only target traditional areas of vulnerability; they went after those with the least defense and the most rapid change. These include new AI technologies, web applications, and operational technology (OT) for industries such as healthcare, manufacturing, energy, government, and finance. In fact, attacks against OT protocol rose by…
Microsoft: Python-Powered Infostealers Are Now Targeting macOS at Scale
Microsoft has warned that information-stealing attacks are rapidly expanding beyond Windows to target Apple macOS environments using cross-platform languages such as Python. The software giant’s Defender Security Research Team has observed macOS-targeted infostealer campaigns using social engineering techniques like ClickFix since late 2025 to distribute disk…
Rethinking the Security Estate: Why IT Spend Isn’t the Same as Cybersecurity Readiness
Cybersecurity spend is projected to reach $183 billion by 2028, but that growth masks a dangerous misconception. Many midmarket organizations equate rising IT budgets with improved security, assuming that broad spending on technology automatically translates to better protection. However, this…
Critical n8n Vulnerability Enables System Command Execution Via Weaponized Workflows
A critical remote code execution (RCE) vulnerability in n8n, the popular workflow automation platform. This flaw allows authenticated attackers to execute arbitrary system commands on the host server by leveraging weaponized workflows. The vulnerability represents a significant regression and expansion…
WatchGuard VPN Client for Windows Vulnerability Enables Command Execution With SYSTEM Privileges
A security advisory addressing a significant privilege-escalation vulnerability affecting its Mobile VPN with an IPSec client for Windows. The flaw, identified as WGSA-2026-00002, allows local attackers to execute arbitrary commands with SYSTEM-level privileges, potentially granting them unrestricted access to the…
ShadowSyndicate Using Server Transition Technique in Ransomware Attacks
ShadowSyndicate, a malicious activity cluster first identified in 2022, has evolved its infrastructure management techniques by adopting a server transition method that allows the threat actor to rotate SSH keys across multiple servers. This new approach makes it harder for…
Operant AI’s Agent Protector Aims to Secure Rising Tide of Autonomous AI
As the enterprise world shifts from chatbots to autonomous systems, Operant AI on Thursday launched Agent Protector, a real-time security solution designed to govern and shield artificial intelligence (AI) agents. The launch comes at a critical inflection point for corporate…