brangberg – Page 207

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale

Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale.
BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). The kit

Gladinet CentreStack Flaw Exploited to Hack Organizations

Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw.

The post Gladinet CentreStack Flaw Exploited to Hack Organizations appeared first on SecurityWeek.

Fieldtex Data Breach Impacts 238,000

The Akira ransomware group took credit for the Fieldtex Products hack in November, claiming to have stolen 14 Gb of data.

The post Fieldtex Data Breach Impacts 238,000 appeared first on SecurityWeek.

Recent GeoServer Vulnerability Exploited in Attacks

Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request.

The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek.

MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities

XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25.

The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on SecurityWeek.

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. […]

Microsoft Bug Bounty Program Expanded to Third-Party Code

All critical vulnerabilities in Microsoft, third-party, and open source code are eligible for rewards if they impact Microsoft services.

The post Microsoft Bug Bounty Program Expanded to Third-Party Code appeared first on SecurityWeek.

Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking

Notepad++ found a vulnerability in the way the software updater authenticates update files.

The post Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking appeared first on SecurityWeek.

Securing GenAI in the Browser: Policy, Isolation, and Data Controls That Actually Work

The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and analyze data, often by copying/pasting sensitive information directly into prompts or uploading files.
Traditional

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. […]

Author: brangberg