Blog – Page 262 – Cyber Mike

CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including

Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases

Google and Mozilla have released fresh Chrome and Firefox updates that address multiple high-severity security defects.

The post Firefox 145 and Chrome 142 Patch High-Severity Flaws in Latest Releases appeared first on SecurityWeek.

Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.
“The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two years,” Endor Labs

Google sues to dismantle Chinese phishing platform behind US toll scams

Google has filed a lawsuit to dismantle the “Lighthouse” phishing-as-a-service platform used by cybercriminals worldwide to steal credit card information through SMS phishing attacks impersonating the U.S. Postal Service and E-ZPass toll systems. […]

Google sues to dismantle Chinese platform behind global toll scams

Windows 11 now supports 3rd-party apps for native passkey management

Microsoft announced that passwordless authentication is now easier on Windows 11 through native support for third-party passkey managers, the first ones supported being 1Password and Bitwarden. […]

DanaBot malware is back to infecting Windows after 6-month break

The DanaBot malware has returned with a new version observed in attacks, six-months after law enforcement’s Operation Endgame disrupted its activity in May. […]

China’s Cyber Silence is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says

NTT’s chief cybersecurity strategist Mihoko Matsubara on the new geopolitics of hacking, the “chicken and egg” problem of 5G, and the AGI threat to society.

The post China’s Cyber Silence is More Worrying Than Russia’s Noise, Chief Cybersecurity Strategist Says appeared first on SecurityWeek.

Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform

Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries.
The PhaaS kit is used to conduct large-scale SMS phishing attacks that exploit trusted brands like E-ZPass and USPS to

How TTP-based Defenses Outperform Traditional IoC Hunting

Behavioral detection allows defenders to recognize activity patterns like privilege escalation, credential theft, and lateral movement—often ahead of encryption or data exfiltration.

The post How TTP-based Defenses Outperform Traditional IoC Hunting appeared first on SecurityWeek.

Cyber News