Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. […]
Microsoft to shut down Exchange Online EWS in April 2027
Microsoft announced today that the Exchange Web Services (EWS) API for Exchange Online will be shut down in April 2027, after nearly 20 years. […]
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds.
Cloudflare, which automatically detected and mitigated the activity, said it’s part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The
Cloudflare, which automatically detected and mitigated the activity, said it’s part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The
Italian university La Sapienza goes offline after cyberattack
Rome’s “La Sapienza” university has been targeted by a cyberattack that impacted its IT systems and caused widespread operational disruptions at the educational institute. […]
Romanian oil pipeline operator Conpet discloses cyberattack
Conpet, Romania’s national oil pipeline operator, has disclosed that a cyberattack disrupted its business systems and took down the company’s website on Tuesday. […]
Substack Discloses Security Incident After Hacker Leaks Data
The hacker claims to have stolen nearly 700,000 Substack user records, including email addresses and phone numbers.
The post Substack Discloses Security Incident After Hacker Leaks Data appeared first on SecurityWeek.
When cloud logs fall short, the network tells the truth
Cloud logs can be inconsistent or incomplete, creating blind spots as environments scale and change. Corelight shows how network-level telemetry provides reliable visibility when cloud logs fall short. […]
Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign
Criminals are using AI to clone professional websites at an industrial scale. A new report shows how one AI-powered network grew to 150+ domains by hiding behind Cloudflare and rotating IP ranges.
The post Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign appeared first on SecurityWeek.
VS Code Configs Expose GitHub Codespaces to Attacks
VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request.
The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek.
Nullify Secures $12.5 Million in Seed Funding for Cybersecurity AI Workforce
This latest infusion, led by SYN Ventures, brings the company’s total funding to $16.9 million.
The post Nullify Secures $12.5 Million in Seed Funding for Cybersecurity AI Workforce appeared first on SecurityWeek.