Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling.
“QLNX targets developers and DevOps credentials across the software supply chain,”

The Hacker News

Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants

The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply.

SecurityWeek

AI Firm Braintrust Prompts API Key Rotation After Data Breach

Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust.

SecurityWeek

One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk

The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments. 
The dataset behind these findings includes 10 million monitored

The Hacker News

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.”
The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.

The Hacker News

Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom

A system that thousands of schools and universities use went offline due to a cyberattack, creating chaos as students tried to study for finals.

SecurityWeek

Ransomware Group Takes Credit for Trellix Hack

RansomHouse has published several screenshots to demonstrate access to internal Trellix services.

SecurityWeek

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more.

SecurityWeek

Meet Rassvet, Russia’s Answer to Starlink

With the launch of the first 16 satellites, Russia begins construction of a network for satellite internet that aims to cover the entire country by 2030. But getting there won’t be easy.

Security Latest

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.

SecurityWeek