A large-scale ad fraud operation called ‘Scallywag’ is monetizing pirating and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. […]
Kenzo Security Raises $4.5 Million for Agentic AI Security Operations Platform
Kenzo Security has emerged from stealth mode after 18 months of developing its agentic AI security platform.
The post Kenzo Security Raises $4.5 Million for Agentic AI Security Operations Platform appeared first on SecurityWeek.
Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation
With 51% of internet traffic now bot-driven and a growing share of it malicious, organizations must prepare for an era of more evasive, AI-assisted automation.
The post Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation appeared first on SecurityWeek.
5 Reasons Device Management Isn’t Device Trust
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.
The solution is more complex. For this article, we’ll focus on the device threat vector. The risk they pose is significant, which is why device
Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare
Countries around the world are preparing for greater digital conflict as increasing global tensions and a looming trade war have raised the stakes.
The post Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare appeared first on SecurityWeek.
⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
Can a harmless click really lead to a full-blown cyberattack?
Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,
Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,
Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote Hacking
Lantronix’s XPort device is affected by a critical vulnerability that can be used for takeover and disruption, including in the energy sector.
The post Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote Hacking appeared first on SecurityWeek.
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Cybersecurity researchers have disclosed a surge in “mass scanning, credential brute-forcing, and exploitation attempts” originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66.
The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week.
“Net
The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week.
“Net
Phishers abuse Google OAuth to spoof Google in DKIM replay attack
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins. […]
State-sponsored hackers embrace ClickFix social engineering tactic
ClickFix attacks are being increasingly adopted by threat actors of all levels, with researchers now seeing multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia utilizing the tactic to breach networks. […]