Security Week
ESET Vulnerability Exploited for Stealthy Malware Execution
A sophisticated APT tracked as ToddyCat has exploited an ESET DLL search order hijacking vulnerability for malware delivery.
The post ESET Vulnerability Exploited for Stealthy Malware Execution appeared first on SecurityWeek.
Corsha Raises $18 Million to Enhance and Extend Machine-to-Machine Security
The new funds will be used to extend Corsha’s reach into critical infrastructure and further improve its own use of AI.
The post Corsha Raises $18 Million to Enhance and Extend Machine-to-Machine Security appeared first on SecurityWeek.
Tailscale Raises $160 Million for Secure Networking Platform
Tailscale’s new Series C funding round brings the total raised by the company for its secure networking platform to $275 million.
The post Tailscale Raises $160 Million for Secure Networking Platform appeared first on SecurityWeek.
Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk
More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers.
The post Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk appeared first on SecurityWeek.
Android Update Patches Two Exploited Vulnerabilities
Android’s latest security update resolves two exploited Kernel vulnerabilities, as well as critical-severity bugs.
The post Android Update Patches Two Exploited Vulnerabilities appeared first on SecurityWeek.
Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks
Huntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability.
The post Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks appeared first on SecurityWeek.
PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry
As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.
The post PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry appeared first on SecurityWeek.
Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows
Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant.
The post Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows appeared first on SecurityWeek.
CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign
‘PoisonSeed’ phishing campaign targets CRM and bulk email providers to distribute “crypto seed phrase” messages.
The post CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign appeared first on SecurityWeek.
NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog
NIST has marked pre-2018 CVEs in NVD as ‘Deferred’ and will no longer spend resources on enriching them.
The post NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog appeared first on SecurityWeek.
Industry Moves for the week of April 7, 2025 - SecurityWeek
Port of Seattle Says 90,000 People Impacted by Ransomware Attack
The Port of Seattle says the personal information of 90,000 individuals was stolen in an August 2024 ransomware attack.
The post Port of Seattle Says 90,000 People Impacted by Ransomware Attack appeared first on SecurityWeek.
Suspected Scattered Spider Hacker Pleads Guilty
A 20-year-old arrested last year and charged alongside others believed to be members of Scattered Spider has pleaded guilty.
The post Suspected Scattered Spider Hacker Pleads Guilty appeared first on SecurityWeek.
Call Records of Millions Exposed by Verizon App Vulnerability
A patch has been released for a serious information disclosure vulnerability affecting a Verizon call filtering application.
The post Call Records of Millions Exposed by Verizon App Vulnerability appeared first on SecurityWeek.
In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired
Noteworthy stories that might have slipped under the radar: Apple adding TCC events to Endpoint Security, cybersecurity funding report for Q1 2025, Trump fires the head of NSA and Cyber Command.
The post In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired appeared first on SecurityWeek.
State Bar of Texas Says Personal Information Stolen in Ransomware Attack
The State Bar of Texas is notifying thousands of individuals that their personal information was stolen in a February ransomware attack.
The post State Bar of Texas Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations
US and allied countries warn of threat actors using the “fast flux” technique to change DNS records and hide malicious servers’ locations.
The post US, Allies Warn of Threat Actors Using ‘Fast Flux’ to Hide Server Locations appeared first on SecurityWeek.
Oracle Confirms Cloud Hack
Oracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident.
The post Oracle Confirms Cloud Hack appeared first on SecurityWeek.
Critical Apache Parquet Vulnerability Leads to Remote Code Execution
A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.
The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on SecurityWeek.