The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems.
The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools appeared first on SecurityWeek.
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects.
That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad
That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that’s under development to its users.
The extensions, named “ahban.shiba” and “ahban.cychelloworld,” have since been taken down by the marketplace maintainers.
Both the extensions, per ReversingLabs, incorporate code that’s designed to invoke a
The extensions, named “ahban.shiba” and “ahban.cychelloworld,” have since been taken down by the marketplace maintainers.
Both the extensions, per ReversingLabs, incorporate code that’s designed to invoke a
How to Balance Password Security Against User Experience
If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX).
This article
This article
NetSfere Launches Quantum-Resilient Messaging Platform for Enterprise and Government Use
NetSfere Integrates ML-KEM and AES into its text, voice and video messaging platform to meet 2027 NSA Quantum Security mandates.
The post NetSfere Launches Quantum-Resilient Messaging Platform for Enterprise and Government Use appeared first on SecurityWeek.
Albabat Ransomware Expands Targets, Abuses GitHub
New versions of the Albabat ransomware target Windows, Linux, and macOS, and retrieve configuration files from GitHub.
The post Albabat Ransomware Expands Targets, Abuses GitHub appeared first on SecurityWeek.
Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
“Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in an
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
“Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops,” Next.js said in an
Encrypted Messaging Apps Promise Privacy. Government Transparency Is Often the Price
Public officials and private citizens are consistently warned about hacking and data leaks, but technologies designed to increase privacy often decrease government transparency.
The post Encrypted Messaging Apps Promise Privacy. Government Transparency Is Often the Price appeared first on SecurityWeek.
Google Gemini’s Astra (screen sharing) rolls out on Android for some users
At MWC 2025, Google confirmed it was working on screen and video share capabilities for Gemini Live, codenamed “Project Astra”. At that time, Google promised that the feature would begin rolling out soon, and now some users have spotted it in the wild. […]
FBI warnings are true—fake file converters do push malware
The FBI is warning that fake online document converters are being used to steal people’s information and, in worst-case scenarios, lead to ransomware attacks. […]