The UK’s National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European airports. […]
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks.
The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below –
The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below –
CVE-2025-10643 (CVSS score: 9.1) – An authentication bypass vulnerability that
PyPI urges users to reset credentials after new phishing attacks
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. […]
GitHub notifications abused to impersonate Y Combinator for crypto theft
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. […]
GeoServer Flaw Exploited in US Federal Agency Hack
The hackers remained undetected for three weeks, deploying China Chopper, remote access scripts, and reconnaissance tools.
The post GeoServer Flaw Exploited in US Federal Agency Hack appeared first on SecurityWeek.
European Airport Cyberattack Linked to Obscure Ransomware, Suspect Arrested
Cybersecurity researchers believe the attack on Collins Aerospace involved a piece of ransomware known as HardBit.
The post European Airport Cyberattack Linked to Obscure Ransomware, Suspect Arrested appeared first on SecurityWeek.
How One Bad Password Ended a 158-Year-Old Business
Most businesses don’t make it past their fifth birthday – studies show that roughly 50% of small businesses fail within the first five years. So when KNP Logistics Group (formerly Knights of Old) celebrated more than a century and a half of operations, it had mastered the art of survival. For 158 years, KNP adapted and endured, building a transport business that operated 500 trucks
New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus
Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share “significant” source code overlaps with IcedID and Latrodectus.
“The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and IcedID during attacks,” Zscaler ThreatLabz said in a Tuesday report. “YiBackdoor is able to execute
“The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and IcedID during attacks,” Zscaler ThreatLabz said in a Tuesday report. “YiBackdoor is able to execute
iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks
Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them.
Download the complete iframe security guide here.
TL;DR: iframe Security Exposed
Payment iframes are being actively exploited by attackers using
Download the complete iframe security guide here.
TL;DR: iframe Security Exposed
Payment iframes are being actively exploited by attackers using
GitHub Boosting Security in Response to NPM Supply Chain Attacks
GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.
The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.