Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. […]
Education giant Pearson hit by cyberattack exposing customer data
Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. […]
Supply chain attack hits npm package with 45,000 weekly downloads
An npm package named ‘rand-user-agent’ has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user’s system. […]
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. […]
Kickidler employee monitoring software abused in ransomware attacks
Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims’ activity, and harvesting credentials after breaching their networks. […]
38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
Cybersecurity researchers have exposed what they say is an “industrial-scale, global cryptocurrency phishing operation” engineered to steal digital assets from cryptocurrency wallets for several years.
The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin.
“FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io
The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin.
“FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io
VC giant Insight Partners confirms investor data stolen in breach
Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. […]
Valarian Bags $20M Seed Capital for ‘Isolation-First’ Infrastructure Tech
British startup exits stealth with $20 million in seed-stage financing led by US investors Scout Ventures and Artis Ventures.
The post Valarian Bags $20M Seed Capital for ‘Isolation-First’ Infrastructure Tech appeared first on SecurityWeek.
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution.
The vulnerabilities are listed below –
The vulnerabilities are listed below –
CVE-2025-32819 (CVSS score: 8.8) – A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an
Europol Announces More DDoS Service Takedowns, Arrests
Four people have been arrested in Poland and several websites associated with DDoS-for-hire services have been shut down.
The post Europol Announces More DDoS Service Takedowns, Arrests appeared first on SecurityWeek.