brangberg – Page 930

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer.
“The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world,” Leandro Fróes, senior threat research engineer at

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads.
The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024.
“These two payload samples are

Axoflow Raises $7 Million for Security Data Curation Platform

Security data pipeline management startup Axoflow has raised $7 million in a seed funding round led by EBRD Venture Capital.

The post Axoflow Raises $7 Million for Security Data Curation Platform appeared first on SecurityWeek.

Homebrew macOS Users Targeted With Information Stealer Malware

A malicious campaign has been redirecting macOS users to a fake Homebrew website, infecting them with information stealer malware.

The post Homebrew macOS Users Targeted With Information Stealer Malware appeared first on SecurityWeek.

Tesla Charger Exploits Earn Hackers $129,000 at Pwn2Own

Hackers earned more than $700,000 on the first two days of Pwn2Own Automotive 2025 for EV charger and infotainment exploits.

The post Tesla Charger Exploits Earn Hackers $129,000 at Pwn2Own appeared first on SecurityWeek.

Cisco Patches Critical Vulnerability in Meeting Management

Cisco has released patches for three vulnerabilities, including a critical privilege escalation bug and a DoS flaw for which exploit code exists.

The post Cisco Patches Critical Vulnerability in Meeting Management appeared first on SecurityWeek.

SonicWall Learns From Microsoft About Potentially Exploited Zero-Day

SonicWall has credited Microsoft for reporting CVE-2025-23006, a critical remote command execution vulnerability possibly exploited in the wild.

The post SonicWall Learns From Microsoft About Potentially Exploited Zero-Day appeared first on SecurityWeek.

How to Eliminate Identity-Based Threats

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day.
The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.
“Pre-authentication deserialization of untrusted data vulnerability has been identified in the

New Research: The State of Web Exposure 2025

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download the full report here.
New research by web exposure management specialist Reflectiz reveals several

Author: brangberg