Blog – Page 466 – Cyber Mike

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign.
The activity, observed this year, is primarily designed Now to infiltrate organizations’ VMware ESXi and vCenter environments as well as network appliances, Sygnia said in a new report published today.
“The threat actor leveraged combinations of

Hacker sneaks infostealer malware into early access Steam game

A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. […]

Mitel warns of critical MiVoice MX-ONE authentication bypass flaw

Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. […]

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs).
The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub repositories opened under the names of legitimate applications, Swiss cybersecurity company PRODAFT said in

Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices

Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution.
The two vulnerabilities impacting Sophos Firewall are listed below –

CVE-2025-6704 (CVSS score: 9.8) – An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead

HeroDevs Raises $125 Million to Secure Deprecated OSS

HeroDevs has received a $125 million strategic growth investment from PSG to secure enterprise security stacks.

The post HeroDevs Raises $125 Million to Secure Deprecated OSS appeared first on SecurityWeek.

Hackers breach Toptal GitHub account, publish malicious npm packages

Hackers compromised Toptal’s GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. […]

New York Seeking Public Opinion on Water Systems Cyber Regulations

The proposed cyber regulations include the implementation of incident reporting, response plans, and cybersecurity controls, training, and certification of compliance.

The post New York Seeking Public Opinion on Water Systems Cyber Regulations appeared first on SecurityWeek.

GRC Firm Vanta Raises $150 Million at $4.15 Billion Valuation

Risk management and compliance solutions provider Vanta has raised more than $500 million since 2021.

The post GRC Firm Vanta Raises $150 Million at $4.15 Billion Valuation appeared first on SecurityWeek.

Clorox Sues Cognizant for $380 Million Over 2023 Hack

Clorox is blaming Congnizat for the 2023 cyberattack, claiming that the IT provided handed over passwords to the hackers.

The post Clorox Sues Cognizant for $380 Million Over 2023 Hack appeared first on SecurityWeek.

Cyber News