The startup takes an agentic approach to preventing vulnerability exploitation by uncovering exposure across assets.
The post Dux Emerges From Stealth Mode With $9 Million in Funding appeared first on SecurityWeek.
Cellik Android malware builds malicious versions from Google Play apps
A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. […]
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed ‘GhostPoster’ is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. […]
Amazon disrupts Russian GRU hackers attacking edge network devices
The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers’ cloud infrastructure. […]
From Open Source to OpenAI: The Evolution of Third-Party Risk
From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting.
The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek.
Texas sues TV makers for taking screenshots of what people watch
The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users’ data by secretly recording what they watch using Automated Content Recognition (ACR) technology. […]
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining.
The activity, first detected by Amazon’s GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper
The activity, first detected by Amazon’s GuardDuty managed threat detection service and its automated security monitoring systems on November 2, 2025, employs never-before-seen persistence techniques to hamper
Hackers exploit newly patched Fortinet auth bypass flaws
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. […]
Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data
Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer.
The malicious package, named “Tracer.Fody.NLog,” remained on the repository for nearly six years. It was published by a user named “csnemess” on February 26, 2020. It masquerades as “Tracer.Fody,”
The malicious package, named “Tracer.Fody.NLog,” remained on the repository for nearly six years. It was published by a user named “csnemess” on February 26, 2020. It masquerades as “Tracer.Fody,”
Cyberattack disrupts Venezuelan oil giant PDVSA’s operations
Petróleos de Venezuela (PDVSA), Venezuela’s state-owned oil company, was hit by a cyberattack over the weekend that disrupted its export operations. […]