AWS S3 bucket names are global with predictable names that can be exploited in “S3 bucket namesquatting” attacks to access or hijack S3 buckets. In this article, Varonis explains how these attacks work and how you can prevent them. […]
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
Cyber Insights 2025: OT Security
Just as OT technology differs from IT technology, the threats, likely adversaries, and potential harm also differ.
The post Cyber Insights 2025: OT Security appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 45 Deals Announced in January 2025
A significant number of cybersecurity-related merger and acquisition (M&A) deals announced in January 2025.
The post Cybersecurity M&A Roundup: 45 Deals Announced in January 2025 appeared first on SecurityWeek.
Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments.
Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks.
“Originally sourced from public
Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks.
“Originally sourced from public
Riot Raises $30 Million for Employee Cybersecurity Solution
Riot has raised $30 million in Series B funding for a platform that helps employees improve their cybersecurity posture.
The post Riot Raises $30 Million for Employee Cybersecurity Solution appeared first on SecurityWeek.
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.
“This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector,” Seqrite Labs researcher Subhajeet Singha said in a technical report
“This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector,” Seqrite Labs researcher Subhajeet Singha said in a technical report
Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms
150 abandoned Amazon S3 buckets could have been leveraged to deliver malware or backdoors to governments and Fortune companies.
The post Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms appeared first on SecurityWeek.
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems.
The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.
“A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code
The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.
“A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code
Russian Hackers Exploited 7-Zip Zero-Day Against Ukraine
Russian threat groups have been observed exploiting a zero-day vulnerability in 7-Zip against Ukrainian entities.
The post Russian Hackers Exploited 7-Zip Zero-Day Against Ukraine appeared first on SecurityWeek.