CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks. […]
DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of “disciplined tradecraft and clever abuse of legitimate system features” to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT.
“The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory
CISA warns of five-year-old GitLab flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. […]
The Double-Edged Sword of Non-Human Identities
Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. […]
Blockchain Intelligence Firm TRM Labs Raises $70 Million at $1 Billion Valuation
The Series C funding will enable the company to expand its AI capabilities for disrupting criminal networks.
The post Blockchain Intelligence Firm TRM Labs Raises $70 Million at $1 Billion Valuation appeared first on SecurityWeek.
EDR killer tool uses signed kernel driver from forensic software
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. […]
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
A fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025 has been attributed to threat actors affiliated with China.
Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. […]
Vulnerabilities Allowed Full Compromise of Google Looker Instances
The flaws dubbed LookOut can be exploited for remote code execution and data exfiltration.
The post Vulnerabilities Allowed Full Compromise of Google Looker Instances appeared first on SecurityWeek.
Cyber Insights 2026: Cyberwar and Rising Nation State Threats
While both cyberwar and cyberwarfare will increase through 2026, cyberwarfare is likely to increase more dramatically. We hope it will never boil over – but we should be aware of the possibility and its consequences.
The post Cyber Insights 2026: Cyberwar and Rising Nation State Threats appeared first on SecurityWeek.
