Not every “critical” vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what’s actually exploitable in your environment — so you can patch what matters. […]
Ongoing Campaign Uses 60 NPM Packages to Steal Data
Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.
The post Ongoing Campaign Uses 60 NPM Packages to Steal Data appeared first on SecurityWeek.
Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack
The agencies said that the group, which they called Laundry Bear, is actively trying to steal sensitive data from EU and NATO countries and is “extremely likely Russian state supported.”
The post Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack appeared first on SecurityWeek.
MATLAB dev confirms ransomware attack behind service outage
MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. […]
Inside the $111 Billion Cloud Security Market: Acquisition, Expansion, and Where to Aim Next
As cloud security spending surges to $111 billion, new data highlights Microsoft’s dominance, the U.S. market’s outsized role, and Google’s strategic acquisition of Wiz.
The post Inside the $111 Billion Cloud Security Market: Acquisition, Expansion, and Where to Aim Next appeared first on SecurityWeek.
Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages
Microsoft has shed light on a previously undocumented cluster of threat activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to “worldwide cloud abuse.”
Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives,
Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives,
Russian Void Blizzard cyberspies linked to Dutch police breach
A previously unknown Russian-backed cyberespionage group now tracked as Void Blizzard has been linked to a September 2024 Dutch police security breach. […]
AI Agents and the Non‑Human Identity Crisis: How to Deploy AI More Securely at Scale
Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑human identities (NHIs) across corporate clouds.
That population is already overwhelming the enterprise: many companies
That population is already overwhelming the enterprise: many companies
Law Firms Warned of Silent Ransom Group Attacks
The FBI warns US law firms that the Silent Ransom Group (SRG) has been constantly targeting the legal industry.
The post Law Firms Warned of Silent Ransom Group Attacks appeared first on SecurityWeek.
Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud.
The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is characterized by the use of fake login pages to access the employee payroll portal and redirect
The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is characterized by the use of fake login pages to access the employee payroll portal and redirect