Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. […]
Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack
A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader.
The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek.
Default ICS Credentials Exploited in Destructive Attack on Polish Energy Facilities
Poland’s CERT has published a report on the recent attack, providing new details on targeted ICS and attribution.
The post Default ICS Credentials Exploited in Destructive Attack on Polish Energy Facilities appeared first on SecurityWeek.
Panera Bread breach impacts 5.1 million accounts, not 14 million customers
The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts, not 14 million customers as previously reported. […]
Cyber Insights 2026: Malware and Cyberattacks in the Age of AI
Security leaders share how artificial intelligence is changing malware, ransomware, and identity-led intrusions, and how defenses must evolve.
The post Cyber Insights 2026: Malware and Cyberattacks in the Age of AI appeared first on SecurityWeek.
⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage.
Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt — and how fast attackers try to stay ahead.
This week’s recap brings you the
Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt — and how fast attackers try to stay ahead.
This week’s recap brings you the
Over 1,400 MongoDB Databases Ransacked by Threat Actor
Of 3,100 unprotected MongoDB instances, half remain compromised, most of them by a single threat actor.
The post Over 1,400 MongoDB Databases Ransacked by Threat Actor appeared first on SecurityWeek.
Securing the Mid-Market Across the Complete Threat Lifecycle
For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done.
The challenge is that many security tools add complexity and cost that most mid-market businesses
The challenge is that many security tools add complexity and cost that most mid-market businesses
Microsoft fixes bug causing password sign-in option to disappear
Microsoft has fixed a known issue that was causing the password sign-in option to disappear from the lock screen options after installing Windows 11 updates released since August 2025. […]
Microsoft Moves Closer to Disabling NTLM
The next major Windows Server and Windows releases will have the deprecated authentication protocol disabled by default.
The post Microsoft Moves Closer to Disabling NTLM appeared first on SecurityWeek.