The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog.
The post Lanscope Endpoint Manager Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm
Verizon’s 2025 Mobile Security Index shows that 85% of organizations believe mobile device attacks are on the rise.
The post Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm appeared first on SecurityWeek.
“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud.
“Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards,” Palo Alto Networks Unit 42 researchers
“Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards,” Palo Alto Networks Unit 42 researchers
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours.
The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be
The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be
Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.
The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client
The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client
Iranian hackers targeted over 100 govt orgs with Phoenix backdoor
State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. […]
Pwn2Own Day 2: Hackers exploit 56 zero-days for $790,000
Security researchers collected $792,750 in cash after exploiting 56 unique zero-day vulnerabilities during the second day of the Pwn2Own Ireland 2025 hacking competition. […]
Hackers exploiting critical “SessionReaper” flaw in Adobe Magento
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. […]
TARmageddon flaw in abandoned Rust library enables RCE attacks
A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. […]
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities.
The end goal of the campaign is to infiltrate high-value targets and facilitate intelligence gathering
The end goal of the campaign is to infiltrate high-value targets and facilitate intelligence gathering