Researchers see dozens of fake DeepSeek websites used for credential phishing, cryptocurrency theft, and scams.
The post Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams appeared first on SecurityWeek.
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).
The attacks commence with phishing emails containing a Windows shortcut (LNK) file that’s disguised as a Microsoft Office or PDF document.
The attacks commence with phishing emails containing a Windows shortcut (LNK) file that’s disguised as a Microsoft Office or PDF document.
Top 3 Ransomware Threats Active in 2025
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: “Pay $2 million in Bitcoin within 48 hours or lose everything.”
And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get
And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get
7AI Raises $36 Million in Seed Funding for Agentic Security Platform
7AI has launched an agentic security platform, which uses AI agents to handle repetitive tasks, and raised $36 million in seed funding.
The post 7AI Raises $36 Million in Seed Funding for Agentic Security Platform appeared first on SecurityWeek.
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices.
The vulnerabilities are listed below –
The vulnerabilities are listed below –
CVE-2025-20124 (CVSS score: 9.9) – An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote
Microsoft script updates bootable media for BlackLotus bootkit fixes
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new “Windows UEFI CA 2023” certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. […]
New Microsoft script updates Windows media with bootkit malware fixes
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new “Windows UEFI CA 2023” certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. […]
Semgrep Raises $100M for AI-Powered Code Security Platform
San Francisco application security startup raises $100 million in a Series D funding round led by Menlo Ventures.
The post Semgrep Raises $100M for AI-Powered Code Security Platform appeared first on SecurityWeek.
Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US
DeepSeek has computer code that could send some user login information to China Mobile.
The post Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US appeared first on SecurityWeek.
Robocallers posing as FCC fraud prevention team call FCC staff
The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC “Fraud Prevention Team,” by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations. […]