Holly Ventures announced the launch of its $33 million debut fund, a solo-led cybersecurity vehicle built around a simple idea that for early-stage cyber start-ups, access and value matter more than capital. Founded by John Brennan, formerly a Senior Partner…
AI-Driven Tools Uncover GhostPenguin Backdoor Attacking Linux Servers
A sophisticated Linux backdoor named GhostPenguin has been discovered by Trend Micro Research, evading detection for over four months after its initial submission to VirusTotal in July 2025. The threat represents a new breed of stealthy malware designed to maintain…
SAP Security Patch Day Fixes Critical Flaws in Solution Manager, NetWeaver & More
SAP has released its December 2025 Security Patch Day updates, addressing 14 new security notes that fix multiple critical and high‑severity vulnerabilities across key enterprise products. Administrators are strongly advised to review the latest security notes in the SAP Support…
Malicious VS Code on Microsoft Registry Steals WiFi Passwords and Captures Screens
Security researchers at Koi Security have uncovered a sophisticated malware campaign targeting developers through the Visual Studio Code Marketplace. The attack uses two seemingly innocent extensions a dark theme and an AI assistant to unleash a potent infostealer capable of…
New Vishing Attack Exploits Microsoft Teams and QuickAssist to Deploy .NET Malware
A sophisticated vishing campaign has emerged that combines social engineering with legitimate Microsoft tools to establish command execution chains leading to multi-stage .NET malware deployment. Security researchers have identified an attack flow that begins with impersonated IT personnel contacting victims…
Akira Group Targets Hyper-V and VMware ESXi with Ransomware Exploiting Vulnerabilities
Hypervisors the invisible backbone of modern corporate IT have become the new primary battleground for ransomware groups. According to new data from Huntress, attacks targeting hypervisors to deploy ransomware have skyrocketed in late 2025. While hypervisors like VMware ESXi and…
Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push
The release targets the Windows Recovery Environment and plays a major role in how systems recover from boot failures. The post Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push appeared first on TechRepublic. This article has been…
Microsoft Copilot Disruption in the UK: Users Face Access Issues and Degraded Features
Microsoft 365 services encountered a snag today, leaving users in the United Kingdom struggling to access Microsoft Copilot or experiencing reduced functionality in key features. The outage, flagged on the official Microsoft 365 Status X account, has raised concerns among businesses…
New Mirai Botnet Variant ‘Broadside’ Actively Attacking Users in the Wild
A sophisticated new variant of the Mirai botnet, named “Broadside,” has emerged as an active threat targeting maritime shipping companies and vessel operators. The malware exploits a critical vulnerability in TBK Digital Video Recorder (DVR) devices used for security monitoring…
Hackers Exploiting Vulnerabilities in Ivanti Connect Secure to Deploy MetaRAT Malware
A China-based attack group has launched a targeted campaign against Japanese shipping and transportation companies by exploiting critical vulnerabilities in Ivanti Connect Secure (ICS). The campaign, uncovered in April 2025, leverages two severe vulnerabilities to gain initial access to target…
GhostPenguin Backdoor With Zero-Detection Attacking Linux Servers Uncovered Using AI-Automated Tools
A previously undocumented Linux backdoor named GhostPenguin has been discovered evading detection for over four months. This multi-threaded C++ malware establishes remote shell access and file-system operations via encrypted UDP, making it exceptionally difficult to detect with traditional security tools.…
EU fines X $140m, tied to verification rules that make impostor scams easier
The core problem persists: anyone can still buy a ‘verified’ checkmark from X, so don’t take their authenticity for granted. This article has been indexed from Malwarebytes Read the original article: EU fines X $140m, tied to verification rules that…
UK to Europe: The time to counter Russia’s information war machine is now
Foreign secretary set to address senior diplomats later today The UK’s foreign secretary is calling for closer collaboration with Europe to combat the growing threat of information warfare as hybrid attacks target countries on the continent.… This article has been…
US Posts $10 Million Bounty for Iranian Hackers
The US seeks information on the leader of Emennet Pasargad, Mohammad Bagher Shirinkar, and long-time employee Fatemeh Sedighian Kashi. The post US Posts $10 Million Bounty for Iranian Hackers appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
AI vs. Human Drivers
Two competing arguments are making the rounds. The first is by a neurosurgeon in the New York Times. In an op-ed that honestly sounds like it was paid for by Waymo, the author calls driverless cars a “public health breakthrough”:…
Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity
Enterprise cybersecurity giant Proofpoint has completed the acquisition of Germany-based Microsoft 365 security solutions provider Hornetsecurity. Financial details were not officially disclosed when news of the transaction came to light, but it was reported that Proofpoint would be paying $1…
New Black Kite module offers product-level insight into software supply chain vulnerabilities
Black Kite released its new Product Analysis module, which allows security teams to evaluate the risks of third-party software products at a granular level. As the first TPRM platform to offer this capability, Black Kite provides a more detailed view…
Nudge Security expands platform with new AI governance capabilities
Nudge Security announced an expansion of its platform to address the need for organizations to mitigate AI data security risks while supporting workforce AI use. New capabilities include: AI conversation monitoring: Detect sensitive data shared via file uploads and conversations…
Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
Google on Monday announced a set of new security features in Chrome, following the company’s addition of agentic artificial intelligence (AI) capabilities to the web browser. To that end, the tech giant said it has implemented layered defenses to make…
How to Streamline Zero Trust Using the Shared Signals Framework
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement…
Deepfakes, AI resumes, and the growing threat of fake applicants
Attackers are blending automation, impersonation, and social engineering to get inside organizations. Here’s how to spot the signs. This article has been indexed from Malwarebytes Read the original article: Deepfakes, AI resumes, and the growing threat of fake applicants
New ‘Broadside’ Botnet Poses Risk to Shipping Companies
The botnet attempts to steal credentials from infected TBK DVR devices, in addition to abusing them to launch DDoS attacks. The post New ‘Broadside’ Botnet Poses Risk to Shipping Companies appeared first on SecurityWeek. This article has been indexed from…
watchTowr Active Defense delivers automated protection from exposure to defense
watchTowr announced major capability enhancements, including the launch of Active Defense, a new capability that closes the gap between discovery and protection. Active Defense delivers automated, intelligence-driven protection the moment a validated exposure is identified, providing defenders with near-instant coverage…
New Black Kite module delivers product-level insight into software supply chain vulnerabilities
Black Kite released its new Product Analysis module, which allows security teams to evaluate the risks of third-party software products at a granular level. As the first TPRM platform to offer this capability, Black Kite provides a more detailed view…