The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. […]
How infostealers turn stolen credentials into real identities
Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle. […]
French Government Says 1.2 Million Bank Accounts Exposed in Breach
The Ministry of Economy reported discovering unauthorized access to the national bank account registry FICOBA.
The post French Government Says 1.2 Million Bank Accounts Exposed in Breach appeared first on SecurityWeek.
ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories
The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time.
Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to think about exposure, response, and preparedness right now
Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to think about exposure, response, and preparedness right now
Nigerian man gets eight years in prison for hacking tax firms
A Nigerian national was sentenced to eight years in prison for hacking multiple tax preparation firms in Massachusetts and filing fraudulent tax returns seeking over $8.1 million in refunds. […]
Nearly 1 Million User Records Compromised in Figure Data Breach
The blockchain-based lender has confirmed a data breach after ShinyHunters leaked over 2GB of data allegedly stolen from the company.
The post Nearly 1 Million User Records Compromised in Figure Data Breach appeared first on SecurityWeek.
Texas sues TP-Link over Chinese hacking risks, user deception
Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware vulnerabilities and access users’ devices. […]
Hackers target Microsoft Entra accounts in device code vishing attacks
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. […]
Venice Security Emerges From Stealth With $33M Funding for Privileged Access Management
Formerly named Valkyrie, the company’s funding includes $25 million raised in a Series A round.
The post Venice Security Emerges From Stealth With $33M Funding for Privileged Access Management appeared first on SecurityWeek.
Ivanti Exploitation Surges as Zero-Day Attacks Traced Back to July 2025
Security researchers have seen the vulnerabilities being exploited to deliver shells, conduct reconnaissance, and download malware.
The post Ivanti Exploitation Surges as Zero-Day Attacks Traced Back to July 2025 appeared first on SecurityWeek.