Cybersecurity firm Trellix disclosed a data breach after attackers gained access to “a portion” of its source code repository. […]
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
This week, the shadows moved faster than the patches.
While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.
The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling
While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.
The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and scaling
They don’t hack, they borrow: How fraudsters target credit unions
Fraudsters aren’t hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. […]
Cybersecurity M&A Roundup: 33 Deals Announced in April 2026
Significant cybersecurity M&A deals announced by Airbus, Cyera, Fortra, Palo Alto Networks, Silverfort, and Socket.
The post Cybersecurity M&A Roundup: 33 Deals Announced in April 2026 appeared first on SecurityWeek.
DigiCert Revokes Certificates After Support Portal Hack
Hackers delivered malware via a customer chat channel, infected an analyst’s system, and accessed the internal support portal.
The post DigiCert Revokes Certificates After Support Portal Hack appeared first on SecurityWeek.
Progress warns of critical MOVEit Automation auth bypass flaw
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. […]
Webinar: Why MSPs must rethink security and backup strategies
Security breaches don’t just test your defenses—they test your recovery. Join Kaseya in our upcoming webinar to learn how MSPs strengthen resilience with SaaS backups and BCDR to stay operational after attacks. […]
2026: The Year of AI-Assisted Attacks
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan’s largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to buy Pokémon cards.
In a sense, this is a fairly conventional story.
In a sense, this is a fairly conventional story.
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor.
The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.
“Both waves followed a nearly identical
The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in December 2025, followed by a similar campaign aimed at Russian entities.
“Both waves followed a nearly identical
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA has warned that threat actors have started exploiting the “Copy Fail” Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. […]