brangberg – Page 170

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout.
According to GTIG, multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit, codenamed DarkSword

Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks

Amazon found evidence that the FMC software vulnerability has been exploited since late January, and found links to Russia.

The post Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks appeared first on SecurityWeek.

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild.
The vulnerabilities in question are as follows –

CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting

Aura confirms data breach exposing 900,000 marketing contacts

Identity protection company Aura has confirmed that an authorized party gained access to nearly 900,000 customer records containing names and email addresses. […]

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). […]

The Collapse of Predictive Security in the Age of Machine-Speed Attacks

With exploitation of vulnerabilities taking just days, preemptive security must be the new model for defenders.

The post The Collapse of Predictive Security in the Age of Machine-Speed Attacks appeared first on SecurityWeek.

ConnectWise patches new flaw allowing ScreenConnect hijacking

ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. […]

Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation

The company has developed an AI-powered platform that autonomously discovers and validates software vulnerabilities.

The post Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation appeared first on SecurityWeek.

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People’s Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass destruction (WMD) programs.
“The North Korean

Ransomware gang exploits Cisco flaw in zero-day attacks since January

The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. […]

Author: brangberg