Google’s Threat Intelligence Group and Mandiant have shared findings on a recent BrickStorm campaign linked to UNC5221.
The post Chinese Spies Lurked in Networks for 393 Days, Hunted for Zero-Day Intel appeared first on SecurityWeek.
CSA Unveils SaaS Security Controls Framework to Ease Complexity
New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence.
The post CSA Unveils SaaS Security Controls Framework to Ease Complexity appeared first on SecurityWeek.
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds
The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most
Volvo Group Employee Data Stolen in Ransomware Attack
The Miljödata data breach has impacted numerous organizations, education institutions, and Swedish municipalities.
The post Volvo Group Employee Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Cisco Patches Zero-Day Flaw Affecting Routers and Switches
The security defect allows remote attackers with administrative privileges to execute arbitrary code as the root user.
The post Cisco Patches Zero-Day Flaw Affecting Routers and Switches appeared first on SecurityWeek.
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code.
The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain
The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances.
The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it “after local Administrator credentials were
The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it “after local Administrator credentials were
New Supermicro BMC flaws can create persistent backdoors
Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to update systems with maliciously crafted images. […]
OpenAI is testing a new GPT-5-based AI agent “GPT-Alpha”
OpenAI is internally testing a new version of its AI agent, which uses a special version of GPT-5 dubbed “GPT-Alpha.” […]
Kali Linux 2025.3 released with 10 new tools, wifi enhancements
Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. […]