The French cybersecurity startup tricks attackers into revealing stolen credentials so they can be neutralized.
The post MokN Raises $3 Million for Phish-Back Solution appeared first on SecurityWeek.
New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT
A threat actor that’s known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT.
Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It’s also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade Saiga,
Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It’s also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade Saiga,
Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks
The software giant’s investigation showed that vulnerabilities patched in July 2025 may be involved.
The post Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks appeared first on SecurityWeek.
Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities
High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components.
The post Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities appeared first on SecurityWeek.
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution.
“
The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution.
“
Red Hat Confirms GitLab Instance Hack, Data Theft
Hackers claim to have stolen 28,000 private repositories, including data associated with major companies that use Red Hat services.
The post Red Hat Confirms GitLab Instance Hack, Data Theft appeared first on SecurityWeek.
Microsoft Outlook stops displaying inline SVG images used in attacks
Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. […]
DrayTek warns of remote code execution bug in Vigor routers
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code. […]
HackerOne paid $81 million in bug bounties over the past year
Bug bounty platform HackerOne announced that it paid out $81 million in rewards to white-hat hackers worldwide over the past 12 months. […]
Brave browser surpasses the 100 million active monthly users mark
Brave browser this September has reached 101 million monthly active users and 42 million daily active users, hitting a new record in the project’s history. […]