A backbone of our economy, Fortune 500 companies employ more than 31 million people worldwide. According to data analyzed by the Enzoic research team, over the past three years of 2022, 2023, and 2024, more than three million employee-linked accounts…
Category: EN
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently…
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel). Vercel –…
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently…
Key Cybersecurity Themes for 2025
Cyber threats are evolving faster than ever, and security leaders can’t afford to fall behind. That’s why we created the 2025 Fortra State of Cybersecurity Survey—to provide valuable insights that help SOCs,… The post Key Cybersecurity Themes for 2025 appeared first on…
CleanStack: Dual-Stack Solution to Defend Against Memory Corruption Attacks
CleanStack is a novel stack protection mechanism designed to combat memory corruption attacks, which have long been a significant threat to software systems. These attacks exploit vulnerabilities in low-level languages like C/C++ to execute arbitrary code or manipulate memory operations.…
Operation Red Card: Authorities Arrest 300+ Linked to Cyber Attacks
An INTERPOL-led operation, dubbed “Operation Red Card,” has resulted in the arrest of over 306 individuals suspected of involvement in various cyber crimes across seven African countries. This operation, conducted from November 2024 to February 2025, targeted mobile banking, investment,…
Getting to Know Julio Lemus
Julio, can you tell us a bit about yourself? My name is Julio Lemus and I’m from Guatemala, but am currently living in Panamá. I’m part of the Check Point team for LATAM, covering the territory of Panamá, Venezuela, and…
Critical Chrome Vulnerability Let Attackers Execute Arbitrary Code
Google has confirmed a critical security flaw in Chrome that affects billions of users across Windows, Mac, Linux, and Android platforms. The vulnerability, which could allow attackers to execute arbitrary code through specially crafted web pages, prompted an urgent update…
CleanStack – A Dual-Stack for Defending Against Memory Corruption Attacks
Memory corruption vulnerabilities remain a persistent threat to software systems, particularly those built using low-level languages like C/C++. These vulnerabilities can lead to devastating attacks, allowing malicious actors to execute arbitrary code or manipulate critical program data. Traditional protection mechanisms…
US Lifts Sanctions Against Crypto Mixer Tornado Cash
The US Department of the Treasury has removed sanctions against the fully decentralized cryptocurrency mixer service Tornado Cash. The post US Lifts Sanctions Against Crypto Mixer Tornado Cash appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently…
VanHelsingRaaS Emerges, Targeting Linux, BSD, ARM, and ESXi Systems
VanHelsingRaaS, a newly launched ransomware-as-a-service (RaaS) program, has quickly gained traction in the cybercrime ecosystem. Introduced on March 7, 2025, this RaaS platform offers affiliates a cross-platform ransomware tool capable of targeting diverse systems, including Linux, BSD, ARM architectures, and…
FCC Investigates Chinese Entities on US Government’s Prohibited List
The Federal Communications Commission (FCC) has initiated a new investigation into Chinese entities previously identified as national security risks to ensure these companies are not circumventing U.S. regulations. FCC Chairman Brendan Carr announced the move today as the first major…
Chinese ‘Web Shell Whisperer’ Leverages Shells and Tunnels to Establish Stealthy Persistence
A recent cyber espionage operation by a China-nexus threat actor, dubbed “Weaver Ant,” has been uncovered by Sygnia, a cybersecurity firm. This sophisticated threat actor targeted a major telecommunications company in Asia, utilizing web shells and tunneling techniques to maintain…
23andMe faces an uncertain future — so does your genetic data
As 23andMe’s bankruptcy looms, privacy experts warn customers to delete their DNA data. This article has been indexed from Security News | TechCrunch Read the original article: 23andMe faces an uncertain future — so does your genetic data
Attackers can bypass middleware auth checks by exploiting critical Next.js flaw
A critical flaw in the Next.js React framework could be exploited to bypass authorization checks under certain conditions. Maintainers of Next.js React framework addressed a critical vulnerability tracked as CVE-2025-29927 (CVSS score of 9.1) with the release of versions versions 12.3.5,…
FCC Probes Whether Banned Chinese Telecom Providers Still Operating in US
The FCC is investigating whether Chinese firms such as Huawei, ZTE and China Telecom are still operating in the US. The post FCC Probes Whether Banned Chinese Telecom Providers Still Operating in US appeared first on SecurityWeek. This article has…
Prevent, Detect, Contain: A Guide Against Black Basta Affiliates’ Attacks
Guidance to help organizations reduce their attack surface, implement a stronger defense-in-depth security model, as well as more quickly detect and contain an intrusion by this ever-prevalent threat. The post Prevent, Detect, Contain: A Guide Against Black Basta Affiliates’ Attacks …
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently…