The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations. […]
Adobe patches critical SessionReaper flaw in Magento eCommerce platform
Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of ” the most severe” flaws in the history of the product. […]
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft’s Direct Send feature to form a “highly efficient attack pipeline” in recent phishing campaigns, according to new findings from ReliaQuest.
“Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined,” the cybersecurity company said in a
“Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined,” the cybersecurity company said in a
Exposed Docker APIs Likely Exploited to Build Botnet
Hackers mount the host’s file system into fresh containers, fetch malicious scripts over the Tor network, and block access to the Docker API.
The post Exposed Docker APIs Likely Exploited to Build Botnet appeared first on SecurityWeek.
How External Attack Surface Management helps enterprises manage cyber risk
Shadow assets don’t care about your perimeter. EASM finds every internet-facing asset, surfaces unknowns, and prioritizes real risks—so you can fix exposures before attackers do. See how Outpost24 makes it easy. […]
SAP Patches Critical NetWeaver Vulnerabilities
The critical-severity NetWeaver flaws could be exploited for remote code execution and privilege escalation.
The post SAP Patches Critical NetWeaver Vulnerabilities appeared first on SecurityWeek.
Microsoft: Anti-spam bug blocks links in Exchange Online, Teams
Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams users from opening URLs and quarantine some of their emails. […]
Ransomware Losses Climb as AI Pushes Phishing to New Heights
Based on real-world insurance claims, Resilience’s midyear report shows vendor risk is declining but costly, ransomware is evolving with triple extortion, and social engineering attacks are accelerating through AI.
The post Ransomware Losses Climb as AI Pushes Phishing to New Heights appeared first on SecurityWeek.
Ex-WhatsApp Security Chief Sues Meta Over Vulnerabilities, Retaliation
Attaullah Baig has filed a lawsuit against Meta and its executives, accusing them of retaliation over critical cybersecurity failures.
The post Ex-WhatsApp Security Chief Sues Meta Over Vulnerabilities, Retaliation appeared first on SecurityWeek.
SAP fixes maximum severity NetWeaver command execution flaw
SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. […]