Your weekly dose of the most urgent cyber threats is here. Adam Pilton distilled it all into five critical stories and five things you should actually do about them. Let’s get into it. Ingram Micro Ransomware Attack Disrupts Global IT…
Category: EN
Ruckus network management solutions riddled with unpatched vulnerabilities
Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) has warned. The vulnerabilities…
Critical Bluetooth Protocol Vulnerabilities Expose Devices to RCE Attacks
Security researchers have disclosed a critical set of Bluetooth vulnerabilities dubbed “PerfektBlue” that affect millions of vehicles and other devices using OpenSynergy’s BlueSDK framework. The vulnerabilities can be chained together to achieve remote code execution (RCE) with minimal user interaction,…
CISA Warns ValveLink Products May Expose Sensitive System Information
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security advisory warning that multiple vulnerabilities in Emerson ValveLink Products could allow attackers to access sensitive system information and execute unauthorized code. The alert, designated ICSA-25-189-01 and released on…
Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
The U.K. National Crime Agency (NCA) on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The arrested individuals include two men aged 19, a third aged…
New Opossum Attack Allows Hackers to Compromise Secure TLS Channels with Malicious Messages
The new Opossum attack is a sophisticated cross-protocol application layer desynchronization vulnerability that compromises TLS-based communications. This attack exploits fundamental differences between implicit and opportunistic TLS implementations, affecting critical protocols including HTTP, FTP, POP3, SMTP, LMTP, and NNTP. By leveraging…
New Scraper Botnet with 3,600+ Unique Devices Attacking Targets in US and UK
Cybersecurity researchers have uncovered a sophisticated scraper botnet comprising more than 3,600 unique devices that has been systematically targeting systems across the United States and United Kingdom since April 2025. The malware campaign represents a significant escalation in automated web…
Critical Vulnerabilities in Bluetooth Protocol Stack Expose Millions of Devices to Remote Code Execution Attacks
A new and critical security threat, PerfektBlue, has emerged, targeting OpenSynergy’s BlueSDK Bluetooth framework and posing an unprecedented risk to the automotive industry. This sophisticated attack vector enables remote code execution (RCE) on millions of devices across automotive and other…
Sigma360 AI Investigator Agent reduces manual reviews
Sigma360 launched AI Investigator Agent, an autonomous GenAI agent that transforms how compliance teams handle risk alerts. This innovation leverages advanced AI and entity resolution models to clear easily identifiable false positives, reducing manual match reviews by up to 90%…
NCA arrests four in connection with UK retail ransomware attacks
Crimefighting agency cagey on details, probes into intrusions at M&S, Harrods, and Co-op continue The UK’s National Crime Agency (NCA) arrested four individuals suspected of being involved with the big three cyberattacks on UK retail businesses in recent weeks.… This…
Booz Allen Invests in Machine Identity Firm Corsha
‘Machine identities’, often used interchangeably with ‘non-human identities’ (NHIs), have been increasing rapidly since the start of digital transformation. The post Booz Allen Invests in Machine Identity Firm Corsha appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs
Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The attacks, called Transient Scheduler Attacks (TSA), manifests in the form of a speculative side channel in…
New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App
Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been…
What Security Leaders Need to Know About AI Governance for SaaS
Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their…
Nippon Steel IT Subsidiary Hit by “Zero-Day Attack,” Causing Data Breach
Personal data of Nippon Steel Solutions’ customers, partners and employees may be compromised This article has been indexed from www.infosecurity-magazine.com Read the original article: Nippon Steel IT Subsidiary Hit by “Zero-Day Attack,” Causing Data Breach
Rhadamanthys Infostealer Uses ClickFix Technique to Steal Login Credentials
The Rhadamanthys Stealer, a highly modular information-stealing virus that was first discovered in 2022, has made a comeback with a clever and dishonest delivery method called ClickFix Captcha. This is a terrifying development for cybersecurity experts. This technique disguises malicious…
Brave Browser For Android via F‑Droid: Now Fully Available
Brave has taken a significant step toward empowering privacy-conscious Android users by making its browser fully available through its own F-Droid repository, providing an alternative distribution method that bypasses Google Play Store entirely. According to the recent report, this strategic…
Most Cryptocurrency Stocks Are Rising. Join ALR MINER And Earn $8,700 In BTC Every Day
Now, many global cryptocurrency investors view Bitcoin as a financial product for long-term investment rather than a simple speculative product. At the same time, the continued rise in Bitcoin prices reflects the shift in market sentiment and the recent important…
Code highlighting with Cursor AI for $500,000
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer. This article has been indexed from Securelist Read the original article: Code highlighting with Cursor AI for $500,000
Using Signal Groups for Activism
Good tutorial by Micah Lee. It includes some nonobvious use cases. This article has been indexed from Schneier on Security Read the original article: Using Signal Groups for Activism