Palo Alto Networks has released patches for seven vulnerabilities and incorporated the latest Chrome fixes in its products.
The post Palo Alto Networks Patches Privilege Escalation Vulnerabilities appeared first on SecurityWeek.
Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified
Interpol has announced a crackdown on infostealer malware in Asia as part of an effort called Operation Secure.
The post Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified appeared first on SecurityWeek.
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
ConnectWise has disclosed that it’s planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns.
The company said it’s doing so “due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
The company said it’s doing so “due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts.
The activity, codenamed UNK_SneakyStrike by Proofpoint, has affected over 80,000 targeted user accounts across hundreds of organizations’ cloud tenants since a
The activity, codenamed UNK_SneakyStrike by Proofpoint, has affected over 80,000 targeted user accounts across hundreds of organizations’ cloud tenants since a
With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty
Beyond potentially halting sales of physical goods, breaches can expose customers’ personal data to future phishing or fraud attempts.
The post With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty appeared first on SecurityWeek.
ChatGPT o3 API 80% price drop has no impact on performance
ChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there’s no visible impact on performance. […]
SmartAttack uses smartwatches to steal data from air-gapped systems
A new attack dubbed ‘SmartAttack’ uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems. […]
Erie Insurance confirms cyberattack behind business disruptions
Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. […]
Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
A new attack dubbed ‘EchoLeak’ is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user’s context without interaction. […]
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks.
“Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads,” ReliaQuest said in a report
“Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads,” ReliaQuest said in a report