U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online. […]
CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over
The Emergency Directives were retired because they achieved objectives or targeted vulnerabilities included in the KEV catalog.
The post CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over appeared first on SecurityWeek.
‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT
Radware bypassed ChatGPT’s protections to exfiltrate user data and implant a persistent logic into the agent’s long-term memory.
The post ‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT appeared first on SecurityWeek.
377,000 Impacted by Data Breach at Texas Gas Station Firm
Gulshan Management Services has informed authorities about a recent data breach resulting from a ransomware attack.
The post 377,000 Impacted by Data Breach at Texas Gas Station Firm appeared first on SecurityWeek.
Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure
Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days.
The post Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure appeared first on SecurityWeek.
Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)
As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts—it’s identifying which predictions reflect real, emerging risks and which can safely be ignored.
An upcoming webinar hosted by Bitdefender aims to cut through the noise with a data-driven
An upcoming webinar hosted by Bitdefender aims to cut through the noise with a data-driven
Trend Micro warns of critical Apex Central RCE vulnerability
Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges. […]
Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions
Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution
The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution
CISA Retires 10 Emergency Cybersecurity Directives Issued Between 2019 and 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday said it’s retiring 10 emergency directives (Eds) that were issued between 2019 and 2024.
The list of the directives now considered closed is as follows –
The list of the directives now considered closed is as follows –
ED 19-01: Mitigate DNS Infrastructure Tampering
ED 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday
ED 20-03: Mitigate Windows DNS Server
FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing
The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country.
“As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR)
“As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR)