Russian Ransomware Gang Exploited Windows Zero-Day Before Patch

/in

Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub)

The post Russian Ransomware Gang Exploited Windows Zero-Day Before Patch appeared first on SecurityWeek.

SecurityWeek – ​Read More

Has GetReal cracked the code on AI deepfakes? $18M and an impressive client list says yes

/in

The proliferation of scarily realistic deepfakes is one of the more pernicious byproducts of the rise of AI, and falling victim to scams based on these deepfakes is already costing companies millions of dollars — not to mention the implications these could have on national security. A startup that’s built a toolset aimed at governments […]

Security News | TechCrunch – ​Read More

Next.js Middleware Flaw Lets Attackers Bypass Authorization

/in

Researchers have uncovered a critical vulnerability (CVE-2025-29927) in Next.js middleware, allowing authorization bypass. Learn about the exploit and fixes.

Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – ​Read More

AMTSO Releases Sandbox Evaluation Framework

/in

AMTSO has developed a Sandbox Evaluation Framework to standardize the testing of malware analysis solutions. 

The post AMTSO Releases Sandbox Evaluation Framework appeared first on SecurityWeek.

SecurityWeek – ​Read More

Groq and PlayAI just made voice AI sound way more human — here’s how

/in

Credit: VentureBeat made with Midjourney

Groq partners with PlayAI to deliver Dialog, an emotionally intelligent text-to-speech model that runs 10x faster than real-time speech, including the Middle East’s first Arabic voice AI model.Read More

Security News | VentureBeat – ​Read More

Island Banks $250M Series E for Enterprise Browser

/in

The late-stage startup said the round was led Coatue Management and brings Island’s total external funding to approximately $730 million.

The post Island Banks $250M Series E for Enterprise Browser appeared first on SecurityWeek.

SecurityWeek – ​Read More

Beyond STIX: Next-Level Cyber-Threat Intelligence

/in

While industry experts continue to analyze, interpret, and act on threat data, the complexity of cyber threats necessitates solutions that can quickly convert expert knowledge into machine-readable formats.

darkreading – ​Read More

RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment

/in

The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft.
The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt.
RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating

The Hacker News – ​Read More

‘Lucid’ Phishing-as-a-Service Exploits Faults in iMessage, Android RCS

/in

Cybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols.

darkreading – ​Read More

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

/in

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC.
“In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,

The Hacker News – ​Read More