Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. […]
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam.
The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS) module
The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS) module
Chess.com discloses recent data breach via file transfer app
Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. […]
New TP-Link zero-day surfaces as CISA warns other flaws are exploited
TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. […]
France slaps Google with €325M fine for violating cookie regulations
The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users’ emails without their consent. […]
Apple Seeks Researchers for 2026 iPhone Security Program
Security researchers interested in participating in the 2026 Apple Security Research Device program can apply until October 31.
The post Apple Seeks Researchers for 2026 iPhone Security Program appeared first on SecurityWeek.
6 browser-based attacks all security teams should be ready for in 2025
The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin. […]
Tire giant Bridgestone confirms cyberattack impacts manufacturing
Car tire giant Bridgestone confirms it is investigating a cyberattack that impacts the operation of some manufacturing facilities in North America. […]
AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products
An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution.
The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek.
US Offers $10 Million for Three Russian Energy Firm Hackers
Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries.
The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek.