The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack. […]
ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure
A researcher found a way to exploit an SSRF vulnerability related to custom GPTs to obtain an Azure access token.
The post ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure appeared first on SecurityWeek.
1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium
An individual believed to have been involved in the operation of VenomRAT was arrested recently in Greece.
The post 1,000+ Servers Hit in Law Enforcement Takedown of Rhadamanthys, VenomRAT, Elysium appeared first on SecurityWeek.
CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks
Federal agencies have reported as ‘patched’ ASA or FTD devices running software versions vulnerable to attacks.
The post CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks appeared first on SecurityWeek.
Kerberoasting in 2025: How to protect your service accounts
Kerberoasting attacks let hackers steal service account passwords and escalate to domain admin, often without triggering alerts. Specops Software shares how auditing AD passwords, enforcing long unique credentials, and using AES encryption can shut these attacks down early. […]
Webinar Today: The Future of Industrial Network Security
Join us as speakers from Cisco outline important steps industrial organizations can take to safeguard operations, achieve compliance, and enable sustainable growth.
The post Webinar Today: The Future of Industrial Network Security appeared first on SecurityWeek.
Microsoft rolls out screen capture prevention for Teams users
Microsoft is rolling out a new Teams feature for Premium customers that will automatically block screenshots and recordings during meetings. […]
Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm
The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names.
The post Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm appeared first on SecurityWeek.
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users’ seed phrases.
The name of the extension is “Safery: Ethereum Wallet,” with the threat actor describing it as a “secure wallet for managing Ethereum cryptocurrency with flexible settings.” It was uploaded to the Chrome Web Store on
The name of the extension is “Safery: Ethereum Wallet,” with the threat actor describing it as a “secure wallet for managing Ethereum cryptocurrency with flexible settings.” It was uploaded to the Chrome Web Store on
Popular Android-based photo frames download malware on boot
Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. […]