The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as “unclassified” information on collaborative engineering activities. […]
Zoom Stealer browser extensions harvest corporate meeting intelligence
A newly discovered campaign, which researchers call Zoom Stealer, is affecting 2.2 million Chrome, Firefox, and Microsoft Edge users through 18 extensions that collect online meeting-related data like URLs, IDs, topics, descriptions, and embedded passwords. […]
US cybersecurity experts plead guilty to BlackCat ransomware attacks
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint have pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. […]
CISA orders feds to patch MongoBleed flaw exploited in attacks
CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. […]
8 Cybersecurity Acquisitions Surpassed $1 Billion Mark in 2025
The total disclosed value for all the cybersecurity M&A deals announced in 2025 exceeded $84 billion.
The post 8 Cybersecurity Acquisitions Surpassed $1 Billion Mark in 2025 appeared first on SecurityWeek.
Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0).
“This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence,” CloudSEK researchers Prajwal Awasthi and Koushik Pal said in an
“This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence,” CloudSEK researchers Prajwal Awasthi and Koushik Pal said in an
Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit
The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor.
The post Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit appeared first on SecurityWeek.
How to Integrate AI into Modern SOC Workflows
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams treat it as a shortcut for broken processes. Others attempt to apply machine learning to problems
Korean Air Data Compromised in Oracle EBS Hack
Roughly 30,000 Korean Air employees had their data stolen by hackers in a breach at former subsidiary KC&D.
The post Korean Air Data Compromised in Oracle EBS Hack appeared first on SecurityWeek.
Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor
The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia.
The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by the hacking group targeting
The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by the hacking group targeting