99% of enterprise users have browser extensions but over half carry high-risk permissions. LayerX’s 2025 report reveals how everyday extensions expose sensitive data, and what security teams must do now. […]
Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack
Andy Frain was targeted by the Black Basta ransomware group in 2024 and the hackers have stolen a wide range of information.
The post Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack appeared first on SecurityWeek.
ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution.
DriverHub is a tool that’s designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a
DriverHub is a tool that’s designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a
Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits
Google has agreed to a $1.375 billion settlement with Texas in lawsuits over location and private browsing tracking, and biometric data collection.
The post Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits appeared first on SecurityWeek.
⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It’s not just clever—it’s
437,000 Impacted by Ascension Health Data Breach
Ascension Health has notified the HHS that more than 437,000 people were affected by a recently disclosed data breach.
The post 437,000 Impacted by Ascension Health Data Breach appeared first on SecurityWeek.
Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks
Two vulnerabilities in ASUS’s pre-installed software DriverHub can be exploited for remote code execution.
The post Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks appeared first on SecurityWeek.
US Deportation Airline GlobalX Confirms Hack
Global Crossing Airlines is investigating a cybersecurity incident after Anonymous hackers targeted its systems.
The post US Deportation Airline GlobalX Confirms Hack appeared first on SecurityWeek.
The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian’s State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack
German Authorities Take Down Crypto Swapping Service eXch
German authorities seized the servers of crypto-swapping service eXch for laundering approximately $1.9 billion in fraudulent assets.
The post German Authorities Take Down Crypto Swapping Service eXch appeared first on SecurityWeek.