LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. […]
Critical Windows Server WSUS Vulnerability Exploited in the Wild
CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available.
The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek.
How to reduce costs with self-service password resets
Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software’s uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse. […]
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT.
The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It also builds upon a prior
The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It also builds upon a prior
Hackers Target Perplexity Comet Browser Users
Shortly after the browser was launched, numerous fraudulent domains and fake applications were discovered.
The post Hackers Target Perplexity Comet Browser Users appeared first on SecurityWeek.
North Korean Hackers Aim at European Drone Companies
Lazarus has used fake job offers in attacks targeting companies developing UAV technology, for information theft.
The post North Korean Hackers Aim at European Drone Companies appeared first on SecurityWeek.
Mozilla: New Firefox extensions must disclose data collection practices
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. […]
In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia
Other noteworthy stories that might have slipped under the radar: Everest group takes credit for Collins Aerospace hack, Maryland launches VDP, gamers targeted with red teaming tool and RAT.
The post In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia appeared first on SecurityWeek.
Toys ‘R’ Us Canada Customer Information Leaked Online
The customer information published on the dark web includes names, addresses, phone numbers, and email addresses.
The post Toys ‘R’ Us Canada Customer Information Leaked Online appeared first on SecurityWeek.
The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it.
This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they
This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they