Akira was seen exploiting SonicWall vulnerabilities and encrypting Nutanix Acropolis Hypervisor (AHV) VM disk files this year.
The post Akira Ransomware Group Made $244 Million in Ransom Proceeds appeared first on SecurityWeek.
Google backpedals on new Android developer registration rules
Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow users to install apps from unverified devs. […]
Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign
A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign.
The post Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign appeared first on SecurityWeek.
Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways:
85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date.
1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure.
14 new ransomware brands launched this quarter, proving how quickly affiliates reconstitute after takedowns.
LockBit’s reappearance with
Chinese Hackers Use Anthropic’s AI to Launch Automated Cyber Espionage Campaign
State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a “highly sophisticated espionage campaign” in mid-September 2025.
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves,” the AI upstart
“The attackers used AI’s ‘agentic’ capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves,” the AI upstart
ASUS warns of critical auth bypass flaw in DSL series routers
ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models. […]
Imunify360 Vulnerability Could Expose Millions of Sites to Hacking
A vulnerability in ImunifyAV can be exploited for arbitrary code execution by uploading a malicious file to shared servers.
The post Imunify360 Vulnerability Could Expose Millions of Sites to Hacking appeared first on SecurityWeek.
Fortinet FortiWeb Flaw Actively Exploited in the Wild Before Company’s Silent Patch
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that could allow an attacker to take over admin accounts and completely compromise a device.
“The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet’s FortiWeb product,” Benjamin Harris,
“The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet’s FortiWeb product,” Benjamin Harris,
Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign
A state-sponsored threat actor manipulated Claude Code to execute cyberattacks on roughly 30 organizations worldwide.
The post Anthropic Says Claude AI Powered 90% of Chinese Espionage Campaign appeared first on SecurityWeek.
Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit
The cybercriminals informed customers that their cloud server was shut down due to complaints.
The post Google Says Chinese ‘Lighthouse’ Phishing Kit Disrupted Following Lawsuit appeared first on SecurityWeek.