A group of hackers linked to the Chinese government has been caught infiltrating a wide range of US organizations, from technology The post Google Warns of BRICKSTORM Malware first appeared on CyberMaterial. This article has been indexed from CyberMaterial Read…
Fake PyPI Login Site Steals Credentials
The Python Software Foundation (PSF) has issued a warning to developers about a sophisticated phishing campaign aimed at users of the Python The post Fake PyPI Login Site Steals Credentials first appeared on CyberMaterial. This article has been indexed from…
Jaguar Land Rover begins phased restoration of services following cyberattack
The luxury automaker is working diligently to clear payment backlogs and resume the shipment of parts. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Jaguar Land Rover begins phased restoration of services following…
From Defense to Offense: Why Ambitious CISOs Are Becoming Founders
Once seen primarily as a technical gatekeeper, today’s chief information security officer (CISO) is a strategic leader responsible for safeguarding systems and ensuring the trust and continuity of the business…. The post From Defense to Offense: Why Ambitious CISOs Are…
Phishing Campaign Targets PyPI Maintainers with Fake Login Site
Fake PyPI login site phishing campaign threatens developer credentials and the open-source supply chain. The post Phishing Campaign Targets PyPI Maintainers with Fake Login Site appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the…
Hackers exploit Fortra GoAnywhere flaw before public alert
watchTowr Labs says hackers exploited the Fortra GoAnywhere MFT flaw CVE-2025-10035 on Sept 10, 2025, a week before public disclosure. Cybersecurity firm watchTowr Labs revealed that it has ‘credible evidence’ that the critical Fortra GoAnywhere MFT flaw CVE-2025-10035 was actively…
GitLab High-Severity Vulnerabilities Let Attackers Crash Instances
GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash self-managed GitLab instances. These flaws impact Community Edition (CE) and Enterprise Edition (EE) versions prior to 18.4.1, 18.3.3, and 18.2.7, and exploit both HTTP endpoints…
Postal Thief Arrested in Oregon
The case caught my eye with the headline in the Oregon Live trumpeting: “Mail theft suspect in Portland made daring 13th-floor balcony escape, later arrested” and saying that the suspect’s apartment contained ONE HUNDRED SEVENTY POSTAL KEYS! But Michael John…
‘An attacker’s playground:’ Crims exploit GoAnywhere perfect-10 bug
Researchers say tens of thousands of instances remain publicly reachable Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra’s GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.… This article…
Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)
CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra urged…
LockBit’s new variant is ‘most dangerous yet,’ hitting Windows, Linux and VMware ESXi
Operation Cronos didn’t kill LockBit – it just came back meaner Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is “significantly more dangerous” than past versions due to its newfound ability to…
Vietnamese Hackers Exploit Fake Copyright Notices to Spread ‘Lone None’ Stealer
Vietnamese hackers use fake copyright notices and Telegram-based malware to steal data and crypto in a growing phishing campaign. The post Vietnamese Hackers Exploit Fake Copyright Notices to Spread ‘Lone None’ Stealer appeared first on eSecurity Planet. This article has…
Interpol Says 260 Suspects in Online Romance Scams Have Been Arrested in Africa
The operation took place in July and August and focused on scams in which perpetrators build online romantic relationships to extract money from targets or blackmail them with explicit images, Interpol said. The post Interpol Says 260 Suspects in Online…
Vietnamese Hackers Exploit Fake Copyright Notices to Spread “Lone None” Stealer
Vietnamese hackers use fake copyright notices and Telegram-based malware to steal data and crypto in a growing phishing campaign. The post Vietnamese Hackers Exploit Fake Copyright Notices to Spread “Lone None” Stealer appeared first on eSecurity Planet. This article has…
Google and Flo to pay $56 million after misusing users’ health data
Flo Health and Google agreed to pay $56 million to settle lawsuits alleging the period-tracking app shared sensitive health data for ads. This article has been indexed from Malwarebytes Read the original article: Google and Flo to pay $56 million…
OpenAI Patches ChatGPT Gmail Flaw Exploited by Hackers in Deep Research Attacks
OpenAI has fixed a security vulnerability that could have allowed hackers to manipulate ChatGPT into leaking sensitive data from a victim’s Gmail inbox. The flaw, uncovered by cybersecurity company Radware and reported by Bloomberg, involved ChatGPT’s “deep research” feature.…
Malicious MCP Server Discovered Stealing Sensitive Emails Using AI Agents
Enterprises everywhere are embracing MCP servers—tools that grant AI assistants “god-mode” permissions to send emails, run database queries, and automate tedious tasks. But no one ever stopped to ask: Who built these tools? Today, the first real-world malicious MCP server—postmark-mcp—has…
How to Defend Against Credential Attacks with a Hybrid Mesh Architecture
Introduction Credential-based attacks have reached epidemic levels. The 2025 Verizon Data Breach Investigations Report (DBIR) underscores the trend: 22% of breaches now start with compromised credentials, while Check Point External Risk Management found that leaked credential volumes surged 160% year-over-year.…
SVG Phishing hits Ukraine with Amatera Stealer, PureMiner
A phishing campaign in Ukraine uses malicious SVG files to drop Amatera Stealer and PureMiner, enabling data theft and cryptomining. Learn more. This article has been indexed from Fortinet Threat Research Blog Read the original article: SVG Phishing hits…
First-Ever Malicious MCP Server Found in the Wild Steals Emails via AI Agents
The first-ever malicious Model-Context-Prompt (MCP) server discovered in the wild, a trojanized npm package named postmark-mcp that has been secretly exfiltrating sensitive data from users’ emails. The package, downloaded approximately 1,500 times per week, contained a backdoor that copied every…
New Variant of The XCSSET Malware Attacking macOS App Developers
The macOS threat landscape has witnessed a significant escalation with the discovery of a new variant of the XCSSET malware targeting app developers. First observed in late September 2025, this variant builds upon earlier versions by introducing enhanced stealth techniques,…
Fortra GoAnywhere Vulnerability Exploited as 0-Day Before Patch
A critical, perfect 10.0 CVSS score vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution was actively exploited as a zero-day at least a week before the company released a patch. The vulnerability, tracked as CVE-2025-10035, is a command injection…
New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused Cyberattacks
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new “lightweight” malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-stage…
Singapore Threatens Meta With Fines Over Facebook Impersonation Scams
The Singapore police said Facebook is the top platform for online scams in the country This article has been indexed from www.infosecurity-magazine.com Read the original article: Singapore Threatens Meta With Fines Over Facebook Impersonation Scams