Malware & Threats
The number of internet-exposed Palo Alto firewalls is dropping, but 2,000 have been compromised, according to Shadowserver Foundation.
Hi, what are you looking for?
SecurityWeek
Malware & Threats
Researchers identify a previously unknown ClickFix variant exploiting PowerShell and clipboard hijacking to deliver the Lumma infostealer via a compromised travel site.
Malware & Threats
A critical Langflow vulnerability tracked as CVE-2025-3248 has been exploited to ensnare devices in the Flodrix botnet.
Malware & Threats
Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.
Malware & Threats
CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.
Malware & Threats
Apple rushes out out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild.
Malware & Threats
Palo Alto Networks has released patches and CVEs for the firewall zero-days exploited in what the company calls Operation Lunar Peek.
Malware & Threats
The saga of VMWare’s critical CVE-2024-38812 vCenter Server bug has reached the “exploitation detected” stage.
Malware & Threats
A zero-day vulnerability affecting five discontinued GeoVision product models has been exploited by a botnet.
Malware & Threats
The DeepData malware framework was seen exploiting a Fortinet VPN client for Windows zero-day that remains unpatched.
Malware & Threats
The Glove Stealer malware leverages a recently disclosed App-Bound encryption bypass method in attacks.
Malware & Threats
The Chinese APT behind the LightSpy iOS backdoor has expanded its toolset with DeepData, a modular Windows-based surveillance framework.
Malware & Threats
Most of the top frequently exploited vulnerabilities in 2023 were initially exploited as zero-days, according to data from government agencies.
Malware & Threats
Patch Tuesday: Microsoft patches 90 security flaws across the Windows ecosystem and warns of zero-day exploitation and code execution risks.
Malware & Threats
Adobe patches critical-severity bugs in multiple products, including the Adobe Commerce and Magento Open Source platforms.
Funding/M&A
Malwarebytes has acquired Sweden-based privacy-focused VPN provider AzireVPN to expand its product offerings.
Malware & Threats
North Korean cryptocurrency thieves caught targeting macOS with fake PDF applications, backdoors and new persistence tactics.
Malware & Threats
Impersonating legitimate software such as Foxit PDF Editor and AutoCAD, the SteelFox crimeware bundle steals user information.
Malware & Threats
ToxicPanda is a China-linked Android banking trojan spotted targeting over a dozen banks in Europe and Latin America.
Malware & Threats
CyberPanel vulnerabilities have been exploited to compromise thousands of instances as part of ransomware attacks.
Malware & Threats
The FakeCall Android banking trojan now employs advanced evasion tactics and expanded surveillance capabilities, posing heightened risks for banks and enterprises.
Malware & Threats
Authorities announce server shutdowns, domain seizures, and arrests in RedLine and Meta infostealers takedown operation.
Malware & Threats
Google has uncovered a Russian cyberespionage and influence campaign targeting Ukrainian military recruits.
Funding/M&A
French startup scores investments from Insight Partners, Accel and Moonfire, bringing the total raised to $56 million.
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.
RegisterLearn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.
RegisterExpert Insights
Adopting a layered defense strategy that includes human-centric tools and updating security components.
(Stu Sjouwerman)
A strong AI deployment starts with asking the right questions, mapping your risks, and thinking like an adversary — before it’s too late.
(Matt Honea)
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.
(Etay Maor)
Many security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher.
(Joshua Goldfarb)
AI is transforming the cybersecurity landscape—empowering attackers with powerful new tools while offering defenders a chance to fight back. But without stronger awareness and strategy, organizations risk falling behind.
(Trevin Edgeworth)