VMware Workstation users report that the software’s automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. […]
OpenAI says Deep Research is coming to ChatGPT free “very soon”
OpenAI has confirmed that its powerful AI agent “Deep Research” will begin rolling out to free users “very soon.” At the moment, Deep Research is available only for Plus and Enterprise customers. […]
Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders
Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. […]
Phishing platform ‘Lucid’ behind wave of iOS, Android SMS attacks
A phishing-as-a-service (PhaaS) platform named ‘Lucid’ has been targeting 169 entities in 88 countries using well-crafted messages sent on iMessage (iOS) and RCS (Android). […]
Hackers abuse WordPress MU-Plugins to hide malicious code
Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection. […]
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp.
The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208.
“The threat actor deploys payloads primarily by means of
The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208.
“The threat actor deploys payloads primarily by means of
North Korean hackers adopt ClickFix attacks to target crypto firms
The notorious North Korean Lazarus hacking group has reportedly adopted ‘ClickFix’ tactics to deploy malware targeting job seekers in the cryptocurrency industry, particularly centralized finance (CeFi). […]
Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory
Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks.
The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek.
Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program
A strong security program will sometimes require substantial organizational and cultural changes around security practices, and inevitably, a higher cost.
The post Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program appeared first on SecurityWeek.
Hacker Leaks Samsung Customer Data
Hacker leaks 270,000 customer tickets allegedly stolen from Samsung Germany using long-compromised credentials.
The post Hacker Leaks Samsung Customer Data appeared first on SecurityWeek.