Collins Aerospace is reportedly having difficulties recovering from the ransomware attack.
The post European Airport Disruptions Caused by Ransomware Attack appeared first on SecurityWeek.
⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach.
This week’s recap explores the trends driving that constant churn: how threat
This week’s recap explores the trends driving that constant churn: how threat
HoundBytes Launches Automated Security Analyst
The Romania-based company has launched WorkHorse and is preparing for a funding round to accelerate growth.
The post HoundBytes Launches Automated Security Analyst appeared first on SecurityWeek.
How to Gain Control of AI Agents and Non-Human Identities
We hear this a lot:
“We’ve got hundreds of service accounts and AI agents running in the background. We didn’t create most of them. We don’t know who owns them. How are we supposed to secure them?”
Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks
“We’ve got hundreds of service accounts and AI agents running in the background. We didn’t create most of them. We don’t know who owns them. How are we supposed to secure them?”
Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks
Widespread Infostealer Campaign Targeting macOS Users
Threat actors rely on malicious GitHub repositories to infect LastPass’s macOS users with the Atomic infostealer.
The post Widespread Infostealer Campaign Targeting macOS Users appeared first on SecurityWeek.
FBI Warns of Spoofed IC3 Website
Threat actors likely spoofed the official government website for personal information theft and monetary fraudulent activity.
The post FBI Warns of Spoofed IC3 Website appeared first on SecurityWeek.
Verified Steam game steals streamer’s cancer treatment donations
A gamer seeking financial support for cancer treatment lost $32,000 after downloading from Steam a verified game named Block Blasters that drained his cryptocurrency wallet. […]
Fortra Patches Critical GoAnywhere MFT Vulnerability
Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection.
The post Fortra Patches Critical GoAnywhere MFT Vulnerability appeared first on SecurityWeek.
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant.
The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no
The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no
Microsoft Entra ID flaw allowed hijacking any company’s tenant
A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. […]