A help desk phishing campaign targets an organization’s Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. […]
AMD fixes bug that lets hackers load malicious microcode patches
AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices. […]
CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible. […]
How Agentic AI will be Weaponized for Social Engineering Attacks
With each passing year, social engineering attacks are becoming bigger and bolder thanks to rapid advancements in artificial intelligence.
The post How Agentic AI will be Weaponized for Social Engineering Attacks appeared first on SecurityWeek.
Spain arrests suspected hacker of US and Spanish military agencies
The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities. […]
Hacker Conversations: David Kennedy – an Atypical Typical Hacker
David Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences.
The post Hacker Conversations: David Kennedy – an Atypical Typical Hacker appeared first on SecurityWeek.
How attackers abuse S3 Bucket Namesquatting — And How to Stop Them
AWS S3 bucket names are global with predictable names that can be exploited in “S3 bucket namesquatting” attacks to access or hijack S3 buckets. In this article, Varonis explains how these attacks work and how you can prevent them. […]
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
Cyber Insights 2025: OT Security
Just as OT technology differs from IT technology, the threats, likely adversaries, and potential harm also differ.
The post Cyber Insights 2025: OT Security appeared first on SecurityWeek.
Cybersecurity M&A Roundup: 45 Deals Announced in January 2025
A significant number of cybersecurity-related merger and acquisition (M&A) deals announced in January 2025.
The post Cybersecurity M&A Roundup: 45 Deals Announced in January 2025 appeared first on SecurityWeek.