Security Week
New ‘ResolverRAT’ Targeting Healthcare, Pharmaceutical Organizations
Organizations in the healthcare and pharmaceutical sectors have been targeted with ResolverRAT, a new malware family with advanced capabilities.
The post New ‘ResolverRAT’ Targeting Healthcare, Pharmaceutical Organizations appeared first on SecurityWeek.
AI Hallucinations Create a New Software Supply Chain Threat
Researchers uncover new software supply chain threat from LLM-generated package hallucinations.
The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek.
Industry Moves for the week of April 14, 2025 - SecurityWeek
Malicious NPM Packages Target Cryptocurrency, PayPal Users
Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.
The post Malicious NPM Packages Target Cryptocurrency, PayPal Users appeared first on SecurityWeek.
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.
Hackers Breach Morocco’s Social Security Database
The hackers who posted the documents on Telegram said the attack was in response to alleged Moroccan “harassment” of Algeria on social media platforms.
The post Hackers Breach Morocco’s Social Security Database appeared first on SecurityWeek.
Vulnerability in OttoKit WordPress Plugin Exploited in the Wild
A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild.
The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek.
In Other News: Scattered Spider Still Active, EncryptHub Unmasked, Rydox Extraditions
Noteworthy stories that might have slipped under the radar: Scattered Spider still active despite arrests, hacker known as EncryptHub unmasked, Rydox admins extradited to US.
The post In Other News: Scattered Spider Still Active, EncryptHub Unmasked, Rydox Extraditions appeared first on SecurityWeek.
SonicWall Patches High-Severity Vulnerability in NetExtender
SonicWall has released fixes for three vulnerabilities in NetExtender for Windows, including a high-severity bug.
The post SonicWall Patches High-Severity Vulnerability in NetExtender appeared first on SecurityWeek.
1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative
Laboratory Services Cooperative says the personal and medical information of 1.6 million was stolen in an October 2024 data breach.
The post 1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative appeared first on SecurityWeek.
China Admitted to US That It Conducted Volt Typhoon Attacks: Report
In a secret meeting between Chinese and US officials, the former confirmed conducting cyberattacks on US infrastructure.
The post China Admitted to US That It Conducted Volt Typhoon Attacks: Report appeared first on SecurityWeek.
Rising Tides: Bryson Bort on Cyber Entrepreneurship and the Needed Focus on Critical Infrastructure
Very few people in the cybersecurity industry do not know, or know of, Bryson Bort. Yes, he’s the CEO/Founder of SCYTHE, but he’s also the co-founder of ICS Village (the next one at RSA Conference from April 28 to May 1, 2025). This event, and all of our industry’s attention on critical infrastructure, is pivotal […]
The post Rising Tides: Bryson Bort on Cyber Entrepreneurship and the Needed Focus on Critical Infrastructure appeared first on SecurityWeek.
Europol Targets Customers of Smokeloader Pay-Per-Install Botnet
Law enforcement agencies in multiple countries have announced the arrests of users of the malicious Smokeloader botnet.
The post Europol Targets Customers of Smokeloader Pay-Per-Install Botnet appeared first on SecurityWeek.
Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs
Trump orders a termination of any active security clearances held by Krebs and a suspension of clearances held by individuals at SentinelOne.
The post Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs appeared first on SecurityWeek.
Juniper Networks Patches Dozens of Junos Vulnerabilities
Juniper Networks has patched two dozen vulnerabilities in Junos OS and Junos OS Evolved, and dozens of flaws in Junos Space third-party dependencies.
The post Juniper Networks Patches Dozens of Junos Vulnerabilities appeared first on SecurityWeek.
Study Identifies 20 Most Vulnerable Connected Devices of 2025
Routers are the riskiest devices in enterprise networks as they contain the most critical vulnerabilities, a new Forescout report shows.
The post Study Identifies 20 Most Vulnerable Connected Devices of 2025 appeared first on SecurityWeek.
GitHub Announces General Availability of Security Campaigns
GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their applications.
The post GitHub Announces General Availability of Security Campaigns appeared first on SecurityWeek.
Nissan Leaf Hacked for Remote Spying, Physical Takeover
Researchers find vulnerabilities that can be exploited to remotely take control of a Nissan Leaf’s functions, including physical controls.
The post Nissan Leaf Hacked for Remote Spying, Physical Takeover appeared first on SecurityWeek.
Operations of Sensor Giant Sensata Disrupted by Ransomware Attack
Sensata has informed the SEC that shipping, manufacturing and other operations have been impacted by a ransomware attack.
The post Operations of Sensor Giant Sensata Disrupted by Ransomware Attack appeared first on SecurityWeek.
‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages
CAPTCHA-evading Python framework AkiraBot has spammed over 80,000 websites with AI-generated spam messages.
The post ‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages appeared first on SecurityWeek.