APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

/in

An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India’s public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.
Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as

The Hacker News – ​Read More

Defense Contractor MORSE to Pay $4.6M to Settle Cybersecurity Failure Allegations

/in

US defense contractor MORSE Corp has agreed to pay $4.6 million to settle allegations over its cybersecurity failures. 

The post Defense Contractor MORSE to Pay $4.6M to Settle Cybersecurity Failure Allegations appeared first on SecurityWeek.

SecurityWeek – ​Read More

Ransomware Groups Increasingly Adopting EDR Killer Tools

/in

ESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software.

The post Ransomware Groups Increasingly Adopting EDR Killer Tools appeared first on SecurityWeek.

SecurityWeek – ​Read More

New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

/in

Whether it’s CRMs, project management tools, payment processors, or lead management tools – your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more.
A new report, Understanding SaaS Security Risks: Why

The Hacker News – ​Read More

T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit

/in

T-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft.

The post T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit appeared first on SecurityWeek.

SecurityWeek – ​Read More

Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration

/in

Cybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver’s licenses, bank statements, and more.

Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News – ​Read More

AI Security Firm Straiker Emerges From Stealth With $21M in Funding

/in

Straiker has emerged from stealth mode with a solution designed to help enterprises secure AI agents and applications.

The post AI Security Firm Straiker Emerges From Stealth With $21M in Funding appeared first on SecurityWeek.

SecurityWeek – ​Read More

More Solar System Vulnerabilities Expose Power Grids to Hacking 

/in

Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA.

The post More Solar System Vulnerabilities Expose Power Grids to Hacking  appeared first on SecurityWeek.

SecurityWeek – ​Read More

High-Severity Cloud Security Alerts Tripled in 2024

/in

Attackers aren’t just spending more time targeting the cloud — they’re ruthlessly stealing more sensitive data and accessing more critical systems than ever before.

darkreading – ​Read More

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

/in

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system.
Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them.
1.

The Hacker News – ​Read More