CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. […]
Phishing attack hides JavaScript using invisible Unicode trick
A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC). […]
New FrigidStealer infostealer infects Macs via fake browser updates
The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer. […]
Australian fertility services giant Genea hit by security breach
​Genea, one of Australia’s largest fertility services providers, disclosed that unknown attackers breached its network and accessed data stored on compromised systems. […]
Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes
Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts.
“The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate ‘linked devices’ feature that enables Signal to be used on multiple
“The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app’s legitimate ‘linked devices’ feature that enables Signal to be used on multiple
Palo Alto Networks tags new firewall bug as exploited in attacks
Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks. […]
The Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground
For years, defensive security strategies have focused on three core areas: network, endpoint, and email. Meanwhile, the browser, sits across all of them. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving. […]
How Hackers Manipulate Agentic AI with Prompt Engineering
Organizations adopting the transformative nature of agentic AI are urged to take heed of prompt engineering tactics being practiced by threat actors.
The post How Hackers Manipulate Agentic AI with Prompt Engineering appeared first on SecurityWeek.
CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard
SecurityWeek speaks with Kevin Winter, Global CISO at Deloitte, and Richard Marcus, CISO at AuditBoard.
The post CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard appeared first on SecurityWeek.
Blockaid Raises $50 Million to Secure Blockchain Applications
Blockaid raises $50 million in Series B funding to scale operations to meet demand for its blockchain application security platform.
The post Blockaid Raises $50 Million to Secure Blockchain Applications appeared first on SecurityWeek.