Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management. […]
Windows NTLM hash leak flaw exploited in phishing attacks on governments
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. […]
Chrome extensions with 6 million installs have hidden tracking code
A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts. […]
Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects
Minh Phuong Ngoc Vong pleaded guilty to defrauding US companies of roughly $1 million in a fake IT worker scheme.
The post Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects appeared first on SecurityWeek.
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware.
This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
Ahold Delhaize confirms data theft after INC ransomware claims attack
Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. […]
CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams
Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & TollShark—SMS phishing campaigns powered by the Darcula PhaaS platform, with 5K+ domains stealing payment info worldwide. […]
Microsoft: Office 2016 and Office 2019 reach end of support in October
Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025. […]
Demystifying Security Posture Management
While the Security Posture Management buzz is real, its long-term viability depends on whether it can deliver measurable outcomes without adding more complexity.
The post Demystifying Security Posture Management appeared first on SecurityWeek.
Vulnerabilities Patched in Atlassian, Cisco Products
Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.
The post Vulnerabilities Patched in Atlassian, Cisco Products appeared first on SecurityWeek.