In 2024, as the Russia-Ukraine war prolongs and military and economic cooperation between North Korea and Russia deepens, cyberspace has become a central battleground for international conflict. Russia is leveraging cyber-attacks to alleviate economic pressure from international sanctions and to…
GitHub Introduces npm Security with Stronger Authentication and Trusted Publishing
Open source software powers much of today’s technology, enabling developers around the world to build and share tools, libraries, and applications. However, the same openness that drives innovation also presents serious security challenges. Attackers regularly target package registries like npm…
Scattered Spider Suspect Arrested in US
The juvenile suspect surrendered on September 17 and was booked on computer intrusion, extortion, and identity theft charges. The post Scattered Spider Suspect Arrested in US appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Car Giant Stellantis Confims Third-Party Breach
Stellantis confirmed that customers’ personal information was potentially exposed This article has been indexed from www.infosecurity-magazine.com Read the original article: Car Giant Stellantis Confims Third-Party Breach
Massive 22.2 Tbps DDoS Attack Sets New World Record
Cloudflare announced today that it has successfully mitigated the largest distributed denial-of-service (DDoS) attack ever recorded. The hyper-volumetric assault peaked at a staggering 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), shattering the previous record of…
Automotive Titan Stellantis Discloses Data Breach
The company says customer contact information was stolen from a third-party service provider’s platform. The post Automotive Titan Stellantis Discloses Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Automotive Titan Stellantis…
Back to School Means Back to Breaches
Cybercriminals are increasingly targeting schools and universities. Learn how students, parents, and educators can strengthen cybersecurity defenses. The post Back to School Means Back to Breaches appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read…
Why Strong Search Engine and AI Visibility Depends on Strong Security
SEO and cybersecurity are now inseparable. Learn how site performance, trust signals, and attack surface management impact rankings and digital trust. The post Why Strong Search Engine and AI Visibility Depends on Strong Security appeared first on Security Boulevard. This…
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells
Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam. The activity,…
Jaguar Land Rover Extends Production Pause Again
UK carmaker Jaguar Land Rover has said production will remain shuttered until October 1 This article has been indexed from www.infosecurity-magazine.com Read the original article: Jaguar Land Rover Extends Production Pause Again
Lectora Desktop and Online XSS Vulnerability Enables JavaScript Injection
A critical cross-site scripting (XSS) vulnerability affecting both Lectora Desktop and Lectora Online has been disclosed, enabling attackers to inject JavaScript through crafted URL parameters. Discovered by security researcher Mohammad Jassim and documented by the CERT® Coordination Center on September…
Nimbus Manticore Targets Defense and Telecom Industries with New Malware Attack
Check Point Research has identified a long-running campaign by the Iranian-aligned threat actor Nimbus Manticore—also known as UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operation—targeting defense manufacturers, telecommunications, and aviation entities aligned with IRGC priorities. Recent activity demonstrates a…
Canada’s RCMP closes TradeOgre, seizes $40M in country’s largest crypto bust
RCMP shuts down TradeOgre, seizing $40M from crime, the first crypto exchange closure and largest asset seizure in Canada’s history. The Royal Canadian Mounted Police shut down the crypto exchange TradeOgre and seized $40M worth of crypto assets. This is…
European Airport Disruptions Caused by Sophisticated Ransomware Attack
Over the weekend, a sophisticated ransomware attack compromised Collins Aerospace’s Muse check-in and boarding systems, forcing key hubs including Heathrow, Brussels, and Berlin to return to manual processes. Airlines reported hundreds of delayed and cancelled flights as security teams raced…
Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands
A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary commands through specially crafted email attachments. The vulnerability, tracked as CVE-2025-59689, affects multiple versions of the popular email security…
European Airport Operations Disrupted by Ransomware
Passengers across Europe are facing another day of flight delays after a cyber-attack struck the company behind the check-in and boarding software used at many airports. London Heathrow, Brussels, Dublin and Berlin have been worst hit since Friday, when the…
EDR-Freeze, DeepMind persuasion, vendors exit ATT&CK
EDR-Freeze tool suspends security software DeepMind updates Frontier Safety Framework Major vendors withdraw from MITRE EDR Evaluations Huge thanks to our sponsor, Conveyor Security reviews don’t have to feel like a hurricane. Most teams are buried in back-and-forth emails and…
Apple Disables AirPods Live Translation In EU
Apple says it will not allow Live Translation to work for EU users as it criticises regulatory efforts forcing it to open up ecosystem This article has been indexed from Silicon UK Read the original article: Apple Disables AirPods Live…
Hackers Using SVG Files to Deliver Malicious Payloads
A recent malware campaign making the rounds in Latin America offers a stark example of how cybercriminals are evolving and finetuning their playbooks. Victims receive emails dressed up to look as though they come from trusted institutions, warning of lawsuits…
22.2 Tbps DDoS Attack Breaks Internet With New World Record
Cloudflare announced it had autonomously mitigated the largest distributed denial-of-service (DDoS) attack ever recorded. The hyper-volumetric attack peaked at an unprecedented 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting a new and alarming benchmark for…
Libraesva ESG Vulnerability Allows Attackers to Execute Malicious Commands
A critical command injection vulnerability in Libraesva ESG email security gateways has been discovered, allowing attackers to execute arbitrary commands through specially crafted compressed email attachments. The vulnerability, designated CVE-2025-59689, affects versions starting from 4.5 and has already been exploited…
Hackers Exploit GitHub Notifications to Launch Phishing Attacks
Cybersecurity researchers have uncovered a new phishing campaign that exploits GitHub’s official notification system to deliver malicious links and credential-stealing payloads. By capitalizing on the trust that open-source contributors place in GitHub’s communication channels, cybercriminals are able to bypass traditional…
EV charging biz zaps customers with data leak scare
Names, emails unplugged in DCS support snafu – but ‘billing is safe’ An electric vehicle charging point provider is telling users that their data may be compromised, following a recent security “incident” at a service provider.… This article has been…
Cybercriminals are going after law firms’ sensitive client data
Regardless of their size, all law firms hold valuable data, including client communications, financial records, and confidential legal strategies. That data has never been more at risk. Cybercriminals are targeting law firms by exploiting vulnerabilities, weak passwords, outdated systems, and…