Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. […]
Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months
A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast Asia and South America.
The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it tracks as Jewelbug, which it said overlaps with
The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it tracks as Jewelbug, which it said overlaps with
SecurityWeek to Host 2025 ICS Cybersecurity Conference October 27-30 in Atlanta
Premier industrial cybersecurity conference Offers 70+ sessions, five training courses, and and ICS Village CTF competition.
The post SecurityWeek to Host 2025 ICS Cybersecurity Conference October 27-30 in Atlanta appeared first on SecurityWeek.
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product.
It attributed the activity to a “highly sophisticated nation-state threat actor,” adding the adversary maintained long-term, persistent access to its network. The
It attributed the activity to a “highly sophisticated nation-state threat actor,” adding the adversary maintained long-term, persistent access to its network. The
Microsoft: Sept Windows Server updates cause Active Directory issues
Microsoft has confirmed that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems. […]
Clothing giant MANGO discloses data breach exposing customer info
Spanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. […]
F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data
F5 has not shared too much information on the threat actor, but the attack profile seems to point to China.
The post F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data appeared first on SecurityWeek.
Webinar Today: Fact vs. Fiction – The Truth About API Security
Get practical guidance to protect APIs against the threats attackers are using right now.
The post Webinar Today: Fact vs. Fiction – The Truth About API Security appeared first on SecurityWeek.
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.
“A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,”
“A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,”
How to spot dark web threats on your network using NDR
Dark web activity can hide in plain sight within everyday network traffic. Corelight’s NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats across your network. […]