Nike is investigating what it described as a “potential cyber security incident” after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. […]
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft.
The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025.
“While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT)
The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025.
“While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT)
Critical sandbox escape flaw discovered in popular vm2 NodeJS library
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. […]
US charges 31 more suspects linked to ATM malware attacks
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. […]
Memcyco Raises $37 Million for Anti-Impersonation Technology
The startup will use the investment to fuel global expansion of its agentless platform, including in Latin America.
The post Memcyco Raises $37 Million for Anti-Impersonation Technology appeared first on SecurityWeek.
From Cipher to Fear: The psychology behind modern ransomware extortion
Modern ransomware has shifted from encryption to psychological extortion that exploits fear, liability, and exposure. Flare shows how today’s ransomware groups weaponize stolen data and pressure tactics to force payment. […]
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign
Domains set up by the threat actor suggest attacks aimed at Atlassian, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, and WeWork.
The post Over 100 Organizations Targeted in ShinyHunters Phishing Campaign appeared first on SecurityWeek.
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera.
“Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,”
“Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,”
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. […]
‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks
The protections against NPM supply chain attacks could be bypassed, leading to arbitrary code execution.
The post ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks appeared first on SecurityWeek.