The state-sponsored group’s campaign has targeted government, higher education, financial, and legal entities, as well as think tanks.
The post Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit appeared first on SecurityWeek.
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded.
This year’s findings reveal three core trends: AI has
This year’s findings reveal three core trends: AI has
European Commission Reports Cyber Intrusion and Data Theft
The ShinyHunters hacker group claimed to have stolen over 350GB of information from European Commission cloud systems.
The post European Commission Reports Cyber Intrusion and Data Theft appeared first on SecurityWeek.
Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare
Iran-linked hacking groups are turning to high-volume, low-impact cyberattacks, and AI is providing a boost.
The post Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare appeared first on SecurityWeek.
Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. […]
Telnyx Targeted in Growing TeamPCP Supply Chain Attack
Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux.
The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek.
Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders.
The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables” to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling
The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables” to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling
Microsoft pulls KB5079391 Windows update over install issues
Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. […]
Exploitation of Fresh Citrix NetScaler Vulnerability Begins
The critical-severity flaw leaks application memory and can be exploited to obtain authenticated administrative session IDs.
The post Exploitation of Fresh Citrix NetScaler Vulnerability Begins appeared first on SecurityWeek.
FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers
The agency said Iranian hackers targeted the director’s personal email account and noted that the compromised information is old.
The post FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers appeared first on SecurityWeek.