A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. […]
Russian hackers breach orgs to track aid routes to Ukraine
A Russian state-sponsored cyberespionage campaign attributed to APT28 (Fancy Bear/Forest Blizzard) hackers has been targeting and compromising international organizations since 2022 to disrupt aid efforts to Ukraine. […]
CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine
Russian military intelligence hackers intensify targeting of Western logistics and technology companies moving supplies into Ukraine.
The post CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine appeared first on SecurityWeek.
Russia to enforce location tracking app on all foreigners in Moscow
The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. […]
Microsoft Sinkholes Domains, Disrupts Notorious ‘Lumma Stealer’ Malware Operation
Redmond’s threat hunters found 394,000 Windows systems talking to Lumma controllers, a victim pool included global manufacturers.
The post Microsoft Sinkholes Domains, Disrupts Notorious ‘Lumma Stealer’ Malware Operation appeared first on SecurityWeek.
Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022.
The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.
The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165.
3AM ransomware uses spoofed IT calls, email bombing to breach networks
A 3AM ransomware affiliate is conducting highly targeted attacks using email bombing and spoofed IT support calls to socially engineer employees into giving credentials for remote access to corporate systems. […]
Lumma infostealer malware operation disrupted, 2,300 domains seized
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains, part of its infrastructure backbone worldwide. […]
Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway
More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.
The post Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway appeared first on SecurityWeek.
Now Live: Threat Detection & Incident Response (TDIR) Summit
SecurityWeek’s 2025 Threat Detection & Incident Response (TDIR) Summit takes place as a virtual summit on Wednesday, May 21st.
The post Now Live: Threat Detection & Incident Response (TDIR) Summit appeared first on SecurityWeek.