Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive

/in

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You’re not alone.
Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That’s why we’re excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM).
ASPM brings together the best of both

The Hacker News – ​Read More

18,000 Organizations Impacted by NTT Com Data Breach

/in

NTT Communications Corporation has disclosed a data breach impacting the information of nearly 18,000 customer organizations.

The post 18,000 Organizations Impacted by NTT Com Data Breach appeared first on SecurityWeek.

SecurityWeek – ​Read More

FBI says scammers are targeting US executives with fake BianLian ransom notes

/in

The FBI is warning that scammers are impersonating the BianLian ransomware gang using fake ransom notes sent to U.S. corporate executives. The fake ransom notes, first reported by U.S. cybersecurity company GuidePoint Security, claim that hackers have gained access to an organization’s network to steal sensitive data, and threaten to publish the stolen data unless […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website

/in

A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex (“garantex[.]org”), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022.
“The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney’s

The Hacker News – ​Read More

Medusa Ransomware Attacks Increase

/in

The number of Medusa ransomware attacks observed in the first two months of 2025 doubled compared to the same period last year.

The post Medusa Ransomware Attacks Increase appeared first on SecurityWeek.

SecurityWeek – ​Read More

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

/in

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that’s equipped to steal a victim’s Ethereum private keys by impersonating popular libraries.
The package in question is set-utils, which has received 1,077 downloads to date. It’s no longer available for download from the official registry.
“Disguised as a simple utility for Python

The Hacker News – ​Read More

Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets

/in

Multiple Mirai-based botnets are exploiting CVE-2025-1316, an Edimax IP camera vulnerability that allows remote command execution.

The post Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets appeared first on SecurityWeek.

SecurityWeek – ​Read More

Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist

/in

Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a “highly sophisticated, state-sponsored attack,” stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts.
The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to

The Hacker News – ​Read More

Intel Maps New vPro Chips to MITRE’s ATT&CK Framework

/in

The PC Security Stack Mappings project improves the security posture of corporate PCs by aligning each of the security features found in vPro PC and Core Ultra chips with the techniques described in MITRE’s ATT&CK.

darkreading – ​Read More

PHP-CGI RCE Flaw Exploited in Attacks on Japan’s Tech, Telecom, and E-Commerce Sectors

/in

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.
“The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines,” Cisco Talos researcher Chetan Raghuprasad said in a technical

The Hacker News – ​Read More