The National Police in Spain have arrested a suspected 19-year-old hacker in Barcelona, for allegedly stealing and attempting to sell 64 million records obtained from breaches at nine companies. […]
Webinar Today: Inside the First 72 hours of a Cyber Event
Learn how GRC and SOC teams can turn shared threat intelligence into faster action, clearer communication, and stronger organizational resilience.
The post Webinar Today: Inside the First 72 hours of a Cyber Event appeared first on SecurityWeek.
Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model.
The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future’s Insikt Group, which was previously tracking it as TAG-150.
The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future’s Insikt Group, which was previously tracking it as TAG-150.
North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
A new malware implant called EtherRAT, deployed in a recent React2Shell attack, runs five separate Linux persistence mechanisms and leverages Ethereum smart contracts for communication with the attacker. […]
Ransomware IAB abuses EDR for stealthy malware execution
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. […]
React2Shell Attacks Linked to North Korean Hackers
North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT.
The post React2Shell Attacks Linked to North Korean Hackers appeared first on SecurityWeek.
Identity Security Firm Saviynt Raises $700 Million at $3 Billion Valuation
The funding round was led by KKR, with participation from Sixth Street Growth, TenEleven, and Carrick Capital Partners.
The post Identity Security Firm Saviynt Raises $700 Million at $3 Billion Valuation appeared first on SecurityWeek.
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks.
“These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for
“These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for
US Posts $10 Million Bounty for Iranian Hackers
The US seeks information on the leader of Emennet Pasargad, Mohammad Bagher Shirinkar, and long-time employee Fatemeh Sedighian Kashi.
The post US Posts $10 Million Bounty for Iranian Hackers appeared first on SecurityWeek.
Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity
Enterprise cybersecurity giant Proofpoint has completed the acquisition of Germany-based Microsoft 365 security solutions provider Hornetsecurity. Financial details were not officially disclosed when news of the transaction came to light, but it was reported that Proofpoint would be paying $1 billion for its European competitor. SecurityWeek learned at the time that the deal size well […]
The post Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity appeared first on SecurityWeek.