Microsoft says some Windows users might be unable to log into their accounts via Windows Hello after installing the April 2025 security updates. […]
Phishing kits now vet victims in real-time before stealing credentials
Phishing actors are employing a new evasion tactic called ‘Precision-Validated Phishing’ that only shows fake login forms when a user enters an email address that the threat actors specifically targeted. […]
Police detains Smokeloader malware customers, seizes servers
In follow-up activity for Operation Endgame, law enforcement tracked down Smokeloader botnet’s customers and detained at least five individuals. […]
Qevlar AI Raises $10 Million for Autonomous Investigation Platform
French cybersecurity startup Qevlar AI has raised $10 million in a funding round led by EQT Ventures and Forgepoint Capital International.
The post Qevlar AI Raises $10 Million for Autonomous Investigation Platform appeared first on SecurityWeek.
Treasury’s OCC Says Hackers Had Access to 150,000 Emails
The Office of the Comptroller of the Currency (OCC) has disclosed an email security incident in which 100 accounts were compromised for over a year.
The post Treasury’s OCC Says Hackers Had Access to 150,000 Emails appeared first on SecurityWeek.
New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB.
“Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device,” Kaspersky said in an
“Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device,” Kaspersky said in an
CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days
CISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog.
The post CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days appeared first on SecurityWeek.
Vulnerabilities Patched by Ivanti, VMware, Zoom
Ivanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday.
The post Vulnerabilities Patched by Ivanti, VMware, Zoom appeared first on SecurityWeek.
Fortinet Patches Critical FortiSwitch Vulnerability
Fortinet fixes a critical-severity bug in FortiSwitch that could allow an attacker to modify administrative passwords.
The post Fortinet Patches Critical FortiSwitch Vulnerability appeared first on SecurityWeek.
Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as they continue to be deployed, creating an