The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company’s compromised systems earlier this month. […]
Hackers actively exploit critical RCE in WordPress Alone theme
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme ‘Alone,’ to achieve remote code execution and perform a full site takeover. […]
Hackers plant 4G Raspberry Pi on bank network in failed ATM heist
The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank’s network to bypass security defenses in a newly discovered attack. […]
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets.
The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct
The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct
FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant
Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free.
“Because the ransomware is now considered dead, we released the decryptor for public download,” Gen Digital researcher Ladislav Zezula said.
FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according to data from
“Because the ransomware is now considered dead, we released the decryptor for public download,” Gen Digital researcher Ladislav Zezula said.
FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according to data from
Apple patches security flaw exploited in Chrome zero-day attacks
Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. […]
New Lenovo UEFI firmware updates fix Secure Boot bypass flaws
Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmware Interface). […]
BlinkOps Raises $50 Million for Agentic Security Automation Platform
BlinkOps has announced a Series B funding round that brings the total raised by the company for its micro-agents builder to $90 million.
The post BlinkOps Raises $50 Million for Agentic Security Automation Platform appeared first on SecurityWeek.
Legion Emerges From Stealth With $38 Million in Funding
Legion has raised $38 million in seed and Series A funding for its browser-native AI Security Operations Center (SOC) platform.
The post Legion Emerges From Stealth With $38 Million in Funding appeared first on SecurityWeek.
Scattered Spider Activity Drops Following Arrests, but Others Adopting Group’s Tactics
Multiple financially motivated threat actors are targeting backup systems and employing Scattered Spider’s social engineering techniques.
The post Scattered Spider Activity Drops Following Arrests, but Others Adopting Group’s Tactics appeared first on SecurityWeek.