Blockchain investigation firm TRM Labs says ongoing cryptocurrency thefts have been traced to the 2022 LastPass breach, with attackers draining wallets years after encrypted vaults were stolen and laundering the crypto through Russian exchanges. […]
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. […]
Google is testing a new image AI and it’s going to be its fastest model
Google is testing a new image AI model called “Nano Banana 2 Flash,” and it’s going to be as good as the Gemini 3 Pro Nano Banana, but it’ll be cheaper. […]
Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an “industry-wide” Sha1-Hulud attack in November. […]
Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia
The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts.
“The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document
“The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document
Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks
Ryan Goldberg and Kevin Martin have admitted being affiliates of the BlackCat/Alphv ransomware group.
The post Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks appeared first on SecurityWeek.
The ROI Problem in Attack Surface Management
Attack Surface Management (ASM) tools promise reduced risk. What they usually deliver is more information.
Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear.
This gap between effort and
Security teams deploy ASM, asset inventories grow, alerts start flowing, and dashboards fill up. There is visible activity and measurable output. But when leadership asks a simple question, “Is this reducing incidents?” the answer is often unclear.
This gap between effort and
RondoDox Botnet Exploiting React2Shell Vulnerability
In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers.
The post RondoDox Botnet Exploiting React2Shell Vulnerability appeared first on SecurityWeek.
Covenant Health Data Breach Impacts 478,000 Individuals
The Qilin ransomware group hacked the healthcare organization and stole data from its systems in May 2025.
The post Covenant Health Data Breach Impacts 478,000 Individuals appeared first on SecurityWeek.
Adobe ColdFusion Servers Targeted in Coordinated Campaign
GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday.
The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek.