Security researchers collected $792,750 in cash after exploiting 56 unique zero-day vulnerabilities during the second day of the Pwn2Own Ireland 2025 hacking competition. […]
Hackers exploiting critical “SessionReaper” flaw in Adobe Magento
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. […]
TARmageddon flaw in abandoned Rust library enables RCE attacks
A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. […]
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities.
The end goal of the campaign is to infiltrate high-value targets and facilitate intelligence gathering
The end goal of the campaign is to infiltrate high-value targets and facilitate intelligence gathering
Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine’s war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2).
The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross, Norwegian Refugee
The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross, Norwegian Refugee
Meta launches new anti-scam tools for WhatsApp and Messenger
Meta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. […]
TARmageddon Flaw in Popular Rust Library Leads to RCE
The vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries.
The post TARmageddon Flaw in Popular Rust Library Leads to RCE appeared first on SecurityWeek.
Critical Vulnerabilities Patched in TP-Link’s Omada Gateways
One of the flaws can be exploited by remote unauthenticated attackers for arbitrary command execution.
The post Critical Vulnerabilities Patched in TP-Link’s Omada Gateways appeared first on SecurityWeek.
PhantomCaptcha ClickFix attack targets Ukraine war relief orgs
A spearphishing attack that lasted a single day targeted members of the Ukrainian regional government administration and organizations critical for the war relief effort in Ukraine, including the International Committee of the Red Cross, UNICEF, and various NGOs. […]
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025.
Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as well as likely a state technology
Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as well as likely a state technology