Microsoft announced today that the Windows 11 Notepad application is getting a text formatting feature supporting Markdown-style input. […]
Police takes down AVCheck site used by cybercriminals to scan malware
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. […]
Germany doxxes Conti ransomware and TrickBot ring leader
The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. […]
Firebase, Google Apps Script Abused in Fresh Phishing Campaigns
Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages.
The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek.
US Sanctions Philippine Company for Supporting Crypto Scams
The US Treasury Department US has slapped sanctions on Funnull Technology for providing support to cryptocurrency investment scams.
The post US Sanctions Philippine Company for Supporting Crypto Scams appeared first on SecurityWeek.
New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data
A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.
“This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as
“This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as
Getting Exposure Management Right: Insights from 500 CISOs
Pentesting isn’t just about finding flaws — it’s about knowing which ones matter. Pentera’s 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach count. […]
Watch Now: Why Context is a Secret Weapon in Application Security Posture Management
Join the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.
The post Watch Now: Why Context is a Secret Weapon in Application Security Posture Management appeared first on SecurityWeek.
China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil
The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023.
“The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations,” Trend
“The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations,” Trend
Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments
China-linked hackers used a compromised government site to target other government entities with the ToughProgress malware that uses an attacker-controlled Google Calendar for C&C.
The post Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments appeared first on SecurityWeek.