China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. […]
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY.
The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an
The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an
Windows 11 tests shared Bluetooth audio support, but only for AI PCs
If you have two headphones, speakers, earbuds, or any other Bluetooth hardware, you can now use both simultaneously on a Copilot+ PC. […]
Offensive ‘We got hacked’ emails sent in Penn security incident
The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, including those from Penn’s Graduate School of Education (GSE). […]
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically
OpenAI has announced the launch of an “agentic security researcher” that’s powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code.
Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and fix security vulnerabilities at
Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and fix security vulnerabilities at
Microsoft Edge gets scareware sensor for faster scam detection
Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. […]
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack.
Palo Alto Networks Unit 42 said it’s tracking the cluster under the moniker CL-STA-1009, where “CL” stands for cluster and “STA” refers to state-backed motivation.
“Airstalk misuses the AirWatch API for mobile device management (MDM), which is now
Palo Alto Networks Unit 42 said it’s tracking the cluster under the moniker CL-STA-1009, where “CL” stands for cluster and “STA” refers to state-backed motivation.
“Airstalk misuses the AirWatch API for mobile device management (MDM), which is now
Australia warns of BadCandy infections on unpatched Cisco devices
The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. […]
In Other News: WhatsApp Passkey-Encrypted Backups, Russia Targets Meduza Malware, New Mastercard Solution
Other noteworthy stories that might have slipped under the radar: several interesting Android malware families, UN cybercrime treaty, criminal complaint against Clearview AI in Europe.
The post In Other News: WhatsApp Passkey-Encrypted Backups, Russia Targets Meduza Malware, New Mastercard Solution appeared first on SecurityWeek.
Why password controls still matter in cybersecurity
Passwords still matter — and weak policies leave the door wide open. Specops Software explains how longer passphrases, smarter banned-password lists, and adaptive rotation strategies can strengthen security without frustrating users. […]