The ‘Crimson Collective’ threat group has been targeting AWS (Amazon Web Services) cloud environments for the past weeks, to steal data and extort companies. […]
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites.
“Site visitors get injected content that was drive-by malware like fake Cloudflare verification,” Sucuri researcher Puja Srivastava said in an analysis published last week.
The website security company
“Site visitors get injected content that was drive-by malware like fake Cloudflare verification,” Sucuri researcher Puja Srivastava said in an analysis published last week.
The website security company
AI Takes Center Stage at DataTribe’s Cyber Innovation Day
From defending AI agents to teaching robots to move safely, finalists at this year’s DataTribe Challenge are charting the next frontier in cybersecurity innovation.
The post AI Takes Center Stage at DataTribe’s Cyber Innovation Day appeared first on SecurityWeek.
Will AI-SPM Become the Standard Security Layer for Safe AI Adoption?
How security posture management for AI can protect against model poisoning, excessive agency, jailbreaking and other LLM risks.
The post Will AI-SPM Become the Standard Security Layer for Safe AI Adoption? appeared first on SecurityWeek.
Hackers exploit auth bypass in Service Finder WordPress theme
Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. […]
London police arrests suspects linked to nursery breach, child doxing
The UK Metropolitan Police has arrested two suspects following an investigation into the doxing of children online after a ransomware attack on a chain of London-based nurseries. […]
Virtual Event Today: Zero Trust & Identity Strategies Summit
Join the virtual event we dive into the world of digital identity management and the role of zero-trust principles and associated technologies.
The post Virtual Event Today: Zero Trust & Identity Strategies Summit appeared first on SecurityWeek.
Defend the Target, Not Just the Door: A Modern Plan for Google Workspace
The Salesloft Drift breach shows attackers don’t need to “hack Google” — they just need to breach a trusted integration. Learn from Material Security how to secure OAuth, detect risky behavior, and protect data in Google Workspace. […]
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets.
The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web
The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web
Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities
The new product is called CodeMender and it can rewrite vulnerable code to prevent future exploits.
The post Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities appeared first on SecurityWeek.