SecurityWeek

Noteworthy stories that might have slipped under the radar: cryptojacker sentenced to prison, ECC.fail Rowhammer attack, and Microsoft limits China’s access to MAPP.

Silk Typhoon was seen exploiting n-day and zero-day vulnerabilities for initial access to victim systems.

Davis Lu was sentenced to four years in prison for installing malicious code on employer’s systems and for deleting encrypted data.

CPAP Medical Supplies and Services has disclosed a data breach resulting from an intrusion that occurred in December 2024.

AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check.

Between June and August, over 300 entities were targeted with the Atomic macOS Stealer via malvertising.

MITRE has updated the list of Most Important Hardware Weaknesses to align it with evolving hardware security challenges.

Colt Technology Services is working on restoring systems disrupted by a ransomware attack that involved data theft.

Noah Urban was sentenced to 10 years in prison for his role in the notorious cybercriminal operation known as Scattered Spider.

A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks.

Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171.

Orange Belgium says hackers accessed data pertaining to 850,000 customer accounts during a July cyberattack.

Apple has rolled out iOS and macOS updates that resolve a zero-day vulnerability exploited in highly targeted attacks.

A $50,000 reward from Europol for two members of the Qilin ransomware group is a ‘scam’, according to the law enforcement agency.

Instead of GPT-5 Pro, your query could be quietly redirected to an older, weaker model, opening the door to jailbreaks, hallucinations, and unsafe outputs.

By focusing on fundamentals, enterprises can avoid the distraction of hype and build security programs that are consistent, resilient, and effective over the long run.

Elastic has found no evidence of a vulnerability leading to RCE after details and PoC of a Defend EDR bypass were published online.

The US Department of Justice has announced the takedown of the RapperBot botnet and charges against its American administrator.

Seemplicity announced a Series B funding round that will be used to create AI agents for its exposure management solution.

CERT/CC has disclosed the details of information exposure vulnerabilities in a Workhorse Software application after patches were released.