OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. […]
Juniper patches critical auth bypass in Session Smart routers
Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. […]
MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks
San Francisco startup secures $8.5 million in seed funding led by Valley Capital Partners to tackle browser-based malware attacks.
The post MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks appeared first on SecurityWeek.
Compliance Isn’t Security: Why a Checklist Won’t Stop Cyberattacks
Think you’re safe because you’re compliant? Think again. Recent studies continue to highlight the concerning trend that compliance with major security frameworks does not necessarily prevent data breaches. Learn more from Pentera on how automated security validation bridges the security gaps. […]
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.
The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below –
The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below –
CVE-2025-26465 – The OpenSSH client
Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks
The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems.
This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor’s malicious payload into an external process, waitfor.exe,
This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor’s malicious payload into an external process, waitfor.exe,
Finastra Starts Notifying People Impacted by Recent Data Breach
Financial software firm Finastra is notifying individuals whose personal information was stolen in a recent data breach.
The post Finastra Starts Notifying People Impacted by Recent Data Breach appeared first on SecurityWeek.
Critical Vulnerability Patched in Juniper Session Smart Router
A critical vulnerability tracked as CVE-2025-21589 has been patched in Juniper Networks’ Session Smart Router.
The post Critical Vulnerability Patched in Juniper Session Smart Router appeared first on SecurityWeek.
New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer.
The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher).
TA2727 is a “threat actor that uses fake
The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher).
TA2727 is a “threat actor that uses fake
Singulr Launches With $10M in Funding for AI Security and Governance Platform
Singulr AI announced its launch with $10 million in seed funding raised for an enterprise AI security and governance platform.
The post Singulr Launches With $10M in Funding for AI Security and Governance Platform appeared first on SecurityWeek.