brangberg – Page 393

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday.
The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July 2025.
“The specific flaw exists

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil.
“It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to

Watch Now: Protecting What WAFs and Gateways Can’t See – Register

Learn why legacy approaches fail to stop modern API threats and show how dedicated API security delivers the visibility, protection, and automation needed to defend against today’s evolving risks.

The post Watch Now: Protecting What WAFs and Gateways Can’t See – Register appeared first on SecurityWeek.

New WrtHug campaign hijacks thousands of end-of-life ASUS routers

Thousands of ASUS WRT routers, mostly end-of-life or outdated devices, have been hijacked in a global campaign called Operation WrtHug that exploits six vulnerabilities. […]

The hidden risks in your DevOps stack data—and how to address them

DevOps repos on GitHub, GitLab, Bitbucket, and Azure DevOps face risks from weak access controls, misconfigurations, outages, and accidental deletions. GitProtect provides automated, immutable backups and fast recovery to secure your DevOps data. […]

Mate Emerges From Stealth Mode With $15.5 Million in Seed Funding

The cybersecurity startup will use the funds to expand its engineering team, extend collaborations, and get ready for enterprise rollout.

The post Mate Emerges From Stealth Mode With $15.5 Million in Seed Funding appeared first on SecurityWeek.

CISA gives govt agencies 7 days to patch new Fortinet flaw

CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet’s FortiWeb web application firewall, which was exploited in zero-day attacks. […]

Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign

Threat actors are exploiting a two-year-old vulnerability in the Ray AI framework in a fresh campaign that hit numerous clusters, Oligo reports. Maintained by Anyscale, Ray is an open source framework for scaling Python-based AI and ML applications. Ray clusters can be deployed into the cloud to scale workloads, and should be secured and isolated […]

The post Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign appeared first on SecurityWeek.

Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters

An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation. […]

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, predominantly in Taiwan, the U.S., and Russia, to rope them into a massive network.
The router hijacking activity has been codenamed Operation WrtHug by SecurityScorecard’s STRIKE team. Southeast Asia and European countries are some of the other regions where infections have

Author: brangberg