CVE-2025-24016, a critical remote code execution vulnerability affecting Wazuh servers, has been exploited by Mirai botnets.
The post Mirai Botnets Exploiting Wazuh Security Platform Vulnerability appeared first on SecurityWeek.
React Native Aria Packages Backdoored in Supply Chain Attack
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.
Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems
Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials.
The post Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems appeared first on SecurityWeek.
Grocery wholesale giant United Natural Foods hit by cyberattack
United Natural Foods (UNFI), North America’s largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. […]
iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals
iVerify links iPhone crashes to sophisticated zero-click attacks via iMessage targeting individuals involved in politics in the EU and US.
The post iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals appeared first on SecurityWeek.
⚡ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks
Behind every security alert is a bigger story. Sometimes it’s a system being tested. Sometimes it’s trust being lost in quiet ways—through delays, odd behavior, or subtle gaps in control.
This week, we’re looking beyond the surface to spot what really matters. Whether it’s poor design, hidden access, or silent misuse, knowing where to look can make all the difference.
If you’re responsible for
This week, we’re looking beyond the surface to spot what really matters. Whether it’s poor design, hidden access, or silent misuse, knowing where to look can make all the difference.
If you’re responsible for
Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise
You don’t need a rogue employee to suffer a breach.
All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned apps, but also dormant accounts, unmanaged identities, over-permissioned SaaS
All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned apps, but also dormant accounts, unmanaged identities, over-permissioned SaaS
US Seeks Forfeiture of $7.74M in Cryptocurrency Tied to North Korean IT Workers
The US is seeking the forfeiture of $7.74 million in cryptocurrency in frozen wallets tied to North Korean fake IT workers schemes.
The post US Seeks Forfeiture of $7.74M in Cryptocurrency Tied to North Korean IT Workers appeared first on SecurityWeek.
Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison
Kingsley Uchelue Utulu has been sentenced to more than 5 years in prison for his role in a scheme that involved hacking, fraud and identity theft.
The post Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison appeared first on SecurityWeek.
Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies
President Trump says his new cybersecurity executive order amends problematic elements of Biden- and Obama-era executive orders.
The post Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies appeared first on SecurityWeek.