Oracle has denied that Cloud systems have been breached after a hacker claimed to have stolen millions of records.
The post Oracle Denies Cloud Breach After Hacker Offers to Sell Data appeared first on SecurityWeek.
Russian Firm Offers $4 Million for Telegram Exploits
A Russian exploit acquisition firm says it is willing to pay up to $4 million for full-chain exploits targeting the popular messaging service Telegram. The firm, Operation Zero, is known for selling zero-day exploits exclusively to Russian government and private organizations. On March 20, the exploit broker announced on X that it was offering up […]
The post Russian Firm Offers $4 Million for Telegram Exploits appeared first on SecurityWeek.
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025.
“The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%,” Check Point said in a report published over the weekend
“The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%,” Check Point said in a report published over the weekend
Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks
Acronis Threat Research found 2M+ malicious URLs & 5,000+ malware instances in Microsoft 365 backup data—demonstrating how built-in security isn’t always enough. Don’t let threats persist in your cloud data. Strengthen your defenses. […]
Webinar Tomorrow: Which Security Testing Approach is Right for You?
Understand whether BAS, Automated Penetration Testing, or the combined approach of Adversarial Exposure Validation (AEV) aligns best with your organization’s unique security needs.
The post Webinar Tomorrow: Which Security Testing Approach is Right for You? appeared first on SecurityWeek.
US Lifts Sanctions Against Crypto Mixer Tornado Cash
The US Department of the Treasury has removed sanctions against the fully decentralized cryptocurrency mixer service Tornado Cash.
The post US Lifts Sanctions Against Crypto Mixer Tornado Cash appeared first on SecurityWeek.
FCC Probes Whether Banned Chinese Telecom Providers Still Operating in US
The FCC is investigating whether Chinese firms such as Huawei, ZTE and China Telecom are still operating in the US.
The post FCC Probes Whether Banned Chinese Telecom Providers Still Operating in US appeared first on SecurityWeek.
Medusa Ransomware Uses Malicious Driver to Disable Security Tools
The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems.
The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools appeared first on SecurityWeek.
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects.
That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad
That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that’s under development to its users.
The extensions, named “ahban.shiba” and “ahban.cychelloworld,” have since been taken down by the marketplace maintainers.
Both the extensions, per ReversingLabs, incorporate code that’s designed to invoke a
The extensions, named “ahban.shiba” and “ahban.cychelloworld,” have since been taken down by the marketplace maintainers.
Both the extensions, per ReversingLabs, incorporate code that’s designed to invoke a