Category: securityweek

Critical React Native Vulnerability Exploited in the Wild

Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware. The post Critical React Native Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Hackers Leak 5.1 Million Panera Bread Records

ShinyHunters has claimed the theft of 14 million records from the US bakery-cafe chain’s systems. The post Hackers Leak 5.1 Million Panera Bread Records appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Hackers…

Kasada Raises $20 Million for Anti-Bot Expansion

The company will invest in market expansion and accelerating product capabilities. The post Kasada Raises $20 Million for Anti-Bot Expansion appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Kasada Raises $20 Million for…

ShinyHunters-Branded Extortion Activity Expands, Escalates

Hackers rely on evolved vishing and login harvesting to compromise SSO credentials for unauthorized MFA enrollment. The post ShinyHunters-Branded Extortion Activity Expands, Escalates appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: ShinyHunters-Branded Extortion…

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader. The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Microsoft Moves Closer to Disabling NTLM

The next major Windows Server and Windows releases will have the deprecated authentication protocol disabled by default. The post Microsoft Moves Closer to Disabling NTLM appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…

Over 1,400 MongoDB Databases Ransacked by Threat Actor

Of 3,100 unprotected MongoDB instances, half remain compromised, most of them by a single threat actor. The post Over 1,400 MongoDB Databases Ransacked by Threat Actor appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Cyber Insights 2026: Malware and Cyberattacks in the Age of AI

Security leaders share how artificial intelligence is changing malware, ransomware, and identity-led intrusions, and how defenses must evolve. The post Cyber Insights 2026: Malware and Cyberattacks in the Age of AI appeared first on SecurityWeek. This article has been indexed…

eScan Antivirus Delivers Malware in Supply Chain Attack

Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers. The post eScan Antivirus Delivers Malware in Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…

175,000 Exposed Ollama Hosts Could Enable LLM Abuse

Among them, 23,000 hosts were persistently responsible for the majority of activity observed over 293 days of scanning. The post 175,000 Exposed Ollama Hosts Could Enable LLM Abuse appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

White House Scraps ‘Burdensome’ Software Security Rules

Two Biden-era memorandums have been revoked, but some of the resources they provide can still be used by government organizations.  The post White House Scraps ‘Burdensome’ Software Security Rules  appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Hugging Face Abused to Deploy Android RAT

Android users were lured to applications that served a malicious payload hosted in a Hugging Face repository. The post Hugging Face Abused to Deploy Android RAT appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Ivanti Patches Exploited EPMM Zero-Days

The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely. The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Ivanti Patches Exploited EPMM Zero-Days