Intel has filed a federal lawsuit against a former employee accused of downloading thousands of classified documents shortly after being terminated, raising serious concerns about corporate data security and insider threats. Jinfeng Luo, a software developer who has worked at…
Tag: EN
Crypto-less Crypto Investment Scams: A California Case
My readers will know by now that I am addicted to PACER – the Public Access to Court Electronic Records. When I see headlines like this one, I am compelled to dive in and read every publicly released document related…
Two New Web Application Risk Categories Added to OWASP Top 10
OWASP has added two new categories to the revised version of its Top 10 list of the most critical risks to web applications. The post Two New Web Application Risk Categories Added to OWASP Top 10 appeared first on SecurityWeek.…
MAD-CAT “Meow” Tool Sparks Real-World Data Corruption Attacks
The infamous Meow attack, which devastated unsecured databases since 2020, has resurfaced with renewed force through MAD-CAT (Meow Attack Data Corruption Automation Tool). This custom-built adversarial simulation tool demonstrates how easily attackers can corrupt data across multiple database platforms simultaneously, highlighting a…
GlassWorm Malware Returns to Open VSX, Emerges on GitHub
Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well. The post GlassWorm Malware Returns to Open VSX, Emerges on GitHub appeared first on SecurityWeek. This article has been indexed from…
New Browser Security Report Reveals Emerging Threats for Enterprises
According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user’s browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too…
⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just the surface. From sleeper logic…
Popular npm Library Used in AI and NLP Projects Exposes Systems to RCE
A critical remote code execution vulnerability has been discovered in the widely used JavaScript library expr-eval, affecting thousands of projects that rely on it for mathematical expression evaluation and natural language processing. The vulnerability, tracked as CVE-2025-12735, poses significant risks…
Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting
With a 4M cybersecurity worker shortage, agentic AI helps SOCs move beyond triage, enabling proactive security once thought impossible. With a deficit of 4 million cybersecurity workers worldwide, it’s no surprise that most SOCs are still stuck in triage mode.…
VTPRACTITIONERS{ACRONIS}: Tracking FileFix, Shadow Vector, and SideWinder
Introduction We have recently started a new blog series called #VTPRACTITIONERS. This series aims to share with the community what other practitioners are able to research using VirusTotal from a technical point of view. Our first blog saw our colleagues…
Watch out for Walmart gift card scams
The only thing you’re winning here is a spot on marketing lists you never asked to join. This article has been indexed from Malwarebytes Read the original article: Watch out for Walmart gift card scams
Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site
The Cl0p website lists major organizations such as Logitech, The Washington Post, Cox Enterprises, Pan American Silver, LKQ Corporation, and Copeland. The post Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site appeared first on SecurityWeek.…
Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses
Threat actors are systematically compromising Outlook and Google mailboxes with alarming success, leveraging sophisticated techniques that sidestep traditional email defenses entirely. According to VIPRE’s Q3 2025 Email Threat Report, over 90% of phishing attacks specifically target these two dominant email…
10 Popular Black Friday Scams – How to Detect the Red Flags and Protect your wallet and Data
Black Friday 2025 represents the most dangerous shopping season in cybercrime history, with fraudsters leveraging artificial intelligence, deepfake technology, and sophisticated social engineering tactics to target millions of consumers globally. Recent cybersecurity research indicates that scam websites surged 89% year-over-year,…
Elastic Defend for Windows Vulnerability Let Attackers Escalate Privileges
Elastic has disclosed a significant security vulnerability in Elastic Defend for Windows that could allow attackers to escalate their privileges on affected systems. Tracked as CVE-2025-37735 and designated as ESA-2025-23, the flaw stems from improper permission preservation within the Defend…
Google’s Gemini Deep Research Tool Gains Access to Gmail, Chat, and Drive Data
Google has expanded its Gemini AI model’s Deep Research feature to pull data directly from users’ Gmail, Google Drive, and Google Chat accounts. Announced today, this update allows the tool to integrate personal emails, documents, spreadsheets, slides, PDFs, and chat…
Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover
Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and…
Australia Sanctions Hackers Supporting North Korea’s Weapons Program
Australia mirrored the US’s recent sanctions against bankers, financial institutions, and others allegedly involved in laundering funds for North Korea. The post Australia Sanctions Hackers Supporting North Korea’s Weapons Program appeared first on SecurityWeek. This article has been indexed from…
QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland
Multiple vulnerabilities across QNAP’s portfolio could lead to remote code execution, information disclosure, and denial-of-service (DoS) conditions. The post QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
HackGPT Launches as AI-Driven Penetration Testing Suite Using GPT-4 and Other Models
HackGPT Enterprise has officially launched as a production-ready, cloud-native AI-powered penetration testing platform designed specifically for enterprise security teams. Created by Yashab Alam, Founder and CEO of ZehraSec, the platform represents a significant advancement in automated security assessments by integrating…