A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads.
The post TrueConf Zero-Day Exploited in Asian Government Attacks appeared first on SecurityWeek.
Category Added in a WPeMatico Campaign
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident.
The post In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware appeared first on SecurityWeek.
Critical ShareFile Flaws Lead to Unauthenticated RCE
The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.
The post Critical ShareFile Flaws Lead to Unauthenticated RCE appeared first on SecurityWeek.
Mobile Attack Surface Expands as Enterprises Lose Control
Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk.
The post Mobile Attack Surface Expands as Enterprises Lose Control appeared first on SecurityWeek.
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems.
The post React2Shell Exploited in Large-Scale Credential Harvesting Campaign appeared first on SecurityWeek.
T-Mobile Sets the Record Straight on Latest Data Breach Filing
The cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek.
The post T-Mobile Sets the Record Straight on Latest Data Breach Filing appeared first on SecurityWeek.
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults.
The post North Korean Hackers Drain $285 Million From Drift in 10 Seconds appeared first on SecurityWeek.
Critical Vulnerability in Claude Code Emerges Days After Source Leak
Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI.
The post Critical Vulnerability in Claude Code Emerges Days After Source Leak appeared first on SecurityWeek.
Apple Rolls Out DarkSword Exploit Protection to More Devices
The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors.
The post Apple Rolls Out DarkSword Exploit Protection to More Devices appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
Significant cybersecurity M&A deals announced by Airbus, Cellebrite, Databricks, Quantum eMotion, Rapid7, and OpenAI.
The post Cybersecurity M&A Roundup: 38 Deals Announced in March 2026 appeared first on SecurityWeek.