A fake torrent for Leonardo DiCaprio’s ‘One Battle After Another’ hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. […]
In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco Academy
Other noteworthy stories that might have slipped under the radar: Pentagon orders accelerated move to PQC, US shuts down scheme to smuggle GPUs to China, DroidLock Android ransomware.
The post In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco Academy appeared first on SecurityWeek.
Kali Linux 2025.4 released with 3 new tools, desktop updates
Kali Linux has released version 2025.4, its final update of the year, introducing three new tools, desktop environment improvements, and enhanced Wayland support. […]
Shadow spreadsheets: The security gap your tools can’t see
When official systems can’t support everyday workflows, employees turn to spreadsheets — creating “shadow spreadsheets” that circulate unchecked. Grist shows how these spreadsheets expose sensitive data, create version sprawl, and remove the audit trails security teams depend on. […]
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale
Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale.
BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). The kit
BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). The kit
Gladinet CentreStack Flaw Exploited to Hack Organizations
Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw.
The post Gladinet CentreStack Flaw Exploited to Hack Organizations appeared first on SecurityWeek.
Fieldtex Data Breach Impacts 238,000
The Akira ransomware group took credit for the Fieldtex Products hack in November, claiming to have stolen 14 Gb of data.
The post Fieldtex Data Breach Impacts 238,000 appeared first on SecurityWeek.
Recent GeoServer Vulnerability Exploited in Attacks
Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request.
The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek.
MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities
XSS remains the top software weakness, followed by SQL injection and CSRF. Buffer overflow issues and improper access control make it to top 25.
The post MITRE Releases 2025 List of Top 25 Most Dangerous Software Vulnerabilities appeared first on SecurityWeek.
New Windows RasMan zero-day flaw gets free, unofficial patches
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. […]