TeamFiltration Abused in Entra ID Account Takeover Campaign

/in

Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.

The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.

SecurityWeek – ​Read More

Cyberattacks on Humanitarian Orgs Jump Worldwide

/in

These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.

darkreading – ​Read More

Red team AI now to build safer, smarter models tomorrow

/in

AI Red Teaming and Adversarial Testing: Stress-Testing AI Security Defenses

AI models are under attack. Traditional defenses are failing. Discover why red teaming is crucial for thwarting adversarial threats.Read More

Security News | VentureBeat – ​Read More

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

/in

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider.
“This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp

The Hacker News – ​Read More

Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday

/in

Industry professionals comment on the Trump administration’s new executive order on cybersecurity. 

The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.

SecurityWeek – ​Read More

SimpleHelp Vulnerability Exploited Against Utility Billing Software Users

/in

CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.

The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.

SecurityWeek – ​Read More

Fog Ransomware Attack Employs Unusual Tools

/in

Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41.

The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek.

SecurityWeek – ​Read More

Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking

/in

Mitel has announced patches for a MiCollab path traversal vulnerability that can be exploited remotely without authentication.

The post Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking appeared first on SecurityWeek.

SecurityWeek – ​Read More

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

/in

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks.
The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1,

The Hacker News – ​Read More

Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption

/in

Trend Micro patches critical-severity Apex Central and Endpoint Encryption PolicyServer flaws leading to remote code execution.

The post Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption appeared first on SecurityWeek.

SecurityWeek – ​Read More