Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. […]
4 Million Affected by VeriSource Data Breach
VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack.
The post 4 Million Affected by VeriSource Data Breach appeared first on SecurityWeek.
⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security
Critical Vulnerabilities Found in Planet Technology Industrial Networking Products
Planet Technology industrial switches and network management products are affected by several critical vulnerabilities.
The post Critical Vulnerabilities Found in Planet Technology Industrial Networking Products appeared first on SecurityWeek.
How Breaches Start: Breaking Down 5 Real Vulns
Not every security vulnerability is high risk on its own – but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents.
1. Stealing AWS Credentials with a Redirect
1. Stealing AWS Credentials with a Redirect
Server-Side Request Forgery (SSRF) is a
RSA Conference 2025 – Pre-Event Announcements Summary (Part 3)
Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 3) appeared first on SecurityWeek.
African Telecom Giant MTN Group Discloses Data Breach
MTN Group says the personal information of certain customers was compromised in a cybersecurity incident.
The post African Telecom Giant MTN Group Discloses Data Breach appeared first on SecurityWeek.
Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024.
The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the
The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the
Oregon Agency Won’t Say If Hackers Stole Data in Cyberattack
Oregon’s environmental agency won’t say if a group of hackers stole data in a cyberattack that was first announced earlier this month.
The post Oregon Agency Won’t Say If Hackers Stole Data in Cyberattack appeared first on SecurityWeek.
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a “critical patch” but deploy a backdoor instead.
WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running
WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running