A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a “critical patch” that adds a WordPress backdoor to the site. […]
Cynomi Raises $37 Million Series B to Expand Its vCISO Platform
Cynomi announced a new $37 million Series B funding to grow its AI-powered vCISO platform for MSPs and MSSPs.
The post Cynomi Raises $37 Million Series B to Expand Its vCISO Platform appeared first on SecurityWeek.
ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.
The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN).
“LAGTOY can be
The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN).
“LAGTOY can be
Browser Security Firm SquareX Raises $20 Million
SquareX offers what it has dubbed a “Browser Detection and Response (BDR)” solution.
The post Browser Security Firm SquareX Raises $20 Million appeared first on SecurityWeek.
Windows 11’s Recall AI is now rolling out on Copilot+ PCs
Microsoft has confirmed that Windows Recall is rolling out to everyone with Windows 11 KB5055627 on Copilot+ PCs. […]
Windows 11 KB5055627 update released with 30 new changes, fixes
Microsoft has released the KB5055627 preview cumulative update for Windows 11 24H2 with many new features gradually rolling out, and some new bug fixes for everyone. […]
Craft CMS RCE exploit chain used in zero-day attacks to steal data
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. […]
Marks & Spencer pauses online orders after cyberattack
British retailer giant Marks & Spencer (M&S) has suspended online orders while working to recover from a recently disclosed cyberattack. […]
Mobile provider MTN says cyberattack compromised customer data
African mobile giant MTN Group announced that a cybersecurity incident has compromised the personal information of some of its subscribers in certain countries. […]
Windows “inetpub” security fix can be abused to block future updates
A recent Windows security update that creates an ‘inetpub’ folder has introduced a new weakness allowing attackers to prevent the installation of future updates. […]