A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app. […]
Doubling down: How Universal 2nd Factor (U2F) boosts online security
Passwords alone aren’t cutting it—31% of breaches involve stolen credentials. Learn from Specops Software about how Universal 2nd Factor (U2F) and strong password policies can work together to keep your organization secure. […]
Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks
Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world.
In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms.
“The suspects are believed to be behind six separate
In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms.
“The suspects are believed to be behind six separate
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.
“This is due to the create_wp_connection() function missing a capability check and
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.
“This is due to the create_wp_connection() function missing a capability check and
Medical device maker Masimo warns of cyberattack, manufacturing delays
Medical device company Masimo Corporation warns that a cyberattack is impacting production operations and causing delays in fulfilling customers’ orders. […]
CISA warns of hackers targeting critical oil infrastructure
CISA warned critical infrastructure organizations of “unsophisticated” threat actors actively targeting the U.S. oil and natural gas sectors. […]
US Sanctions Myanmar Militia Involved in Cyber Scams
The US has sanctioned Myanmar warlord Saw Chit Thu and his militia for their roles in cyber scams causing billions in losses to American victims.
The post US Sanctions Myanmar Militia Involved in Cyber Scams appeared first on SecurityWeek.
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges.
The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is
The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is
Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack
Meta has won its WhatsApp hacking lawsuit against Israeli spyware company NSO Group in an “important step forward for privacy and security”.
The post Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack appeared first on SecurityWeek.
Police takes down six DDoS-for-hire services, arrests admins
Polish authorities have detained four suspects linked to six DDoS-for-hire platforms, believed to have facilitated thousands of attacks targeting schools, government services, businesses, and gaming platforms worldwide since 2022. […]