EU Targets Russian Intelligence Officers Accused of Running a Yearslong Cyber Spying Campaign

The move targeted people and entities accused of links to an online spying network that the EU claims targeted governments and carried out sabotage operations against critical infrastructure.

The post EU Targets Russian Intelligence Officers Accused of Running a Yearslong Cyber Spying Campaign appeared first on SecurityWeek.

SecurityWeek – ​Read More

A Leak of San Francisco Police Drone Footage Exposes the New Reality of Urban Surveillance

The SFPD’s exposure of hours of videos from drone platform Skydio reveals how broadly it’s watching the city from above—and how the results can spill online.

Security Latest – ​Read More

Organizations Warned of Exploited Joomla Extension Vulnerabilities

Threat actors have been targeting Balbooa Forms and iCagenda Joomla extension flaws for remote code execution.

The post Organizations Warned of Exploited Joomla Extension Vulnerabilities appeared first on SecurityWeek.

SecurityWeek – ​Read More

Zimbra Patches Critical Code Execution Vulnerability

The flaw results in malicious code embedded in crafted emails being executed when the emails are opened.

The post Zimbra Patches Critical Code Execution Vulnerability appeared first on SecurityWeek.

SecurityWeek – ​Read More

Centers Laboratory Data Breach Affects 540,000 Individuals

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

The post Centers Laboratory Data Breach Affects 540,000 Individuals appeared first on SecurityWeek.

SecurityWeek – ​Read More

Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365

An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bash_history.

From that one lapse, French security firm Lexfo lifted the operator’s entire toolkit and pivoted through it to two more

The Hacker News – ​Read More

Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns

The company notified customers to manually shut down their servers while it is investigating a credible threat.

The post Progress Prompts ShareFile Storage Zone Controller Shutdown Amid Security Concerns appeared first on SecurityWeek.

SecurityWeek – ​Read More

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day exploitation in the wild.

The vulnerabilities, both rated 10.0 on the CVSS scoring system, are below –

CVE-2026-48939 – A vulnerability in the

The Hacker News – ​Read More

The best email hosting for small businesses in 2026: Expert tested

I tested Google Workspace, Proton Mail, Microsoft 365, Fastmail, and Spike to find the best email hosting for freelancers and remote teams in 2026.

Latest news – ​Read More

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux.

Socket flagged the release six minutes after it was published. If you or one of your

The Hacker News – ​Read More