Latest Cybersecurity News and Articles
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
30 March 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances.
"RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
29 March 2025
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey.
"Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"
Birthday freebies: how to cash in on UK retailers’ gifts and discounts
29 March 2025
Join a loyalty scheme and you often get a reward or discount on your special day – but it may have strings attachedCelebrating your birthday isn’t just about getting presents and cards from family and friends. Signing up to loyalty schemes and newsletters can give you access to a host of freebies, deals and discounts from retailers to mark the big day.With my birthday on the horizon I decided to look at what was on offer, and see which gifts came with some small print. Continue reading...
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
28 March 2025
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process.
Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
Vulnerability affecting Next.js web development framework
28 March 2025
The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-29927) affecting the Next.js framework used to build web applications.
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
28 March 2025
Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.
The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs.
"The new vulnerabilities can be
Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware
28 March 2025
Analysis found that 99% of healthcare organizations are vulnerable to publicly available exploits.
The post Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware appeared first on SecurityWeek.
9-Year-Old NPM Crypto Package Hijacked for Information Theft
28 March 2025
Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.
The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek.
In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked
28 March 2025
Noteworthy stories that might have slipped under the radar: Key members of Hellcat ransomware group identified, controversy around CrushFTP flaw CVE, NYU website hacked and defaced.
The post In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked appeared first on SecurityWeek.
27,000 records in Australian fintech database were exposed
28 March 2025
Research has revealed that an Australia-based fintech company had a database exposed.
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
28 March 2025
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads.
The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader.
"The purpose of the malware is to download and execute second-stage payloads while evading
New Issuance Requirements Improve HTTPS Certificate Validation
28 March 2025
HTTPS certificate issuance now requires Multi-Perspective Issuance Corroboration and linting to improve validation.
The post New Issuance Requirements Improve HTTPS Certificate Validation appeared first on SecurityWeek.
Morphing Meerkat Phishing Kits Target Over 100 Brands
28 March 2025
A threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages.
The post Morphing Meerkat Phishing Kits Target Over 100 Brands appeared first on SecurityWeek.
Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe
28 March 2025
The Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe.
The post Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe appeared first on SecurityWeek.
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
28 March 2025
Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
28 March 2025
Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day.
The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek.
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
28 March 2025
An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps.
"PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis.
PJobRAT, first
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
28 March 2025
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems.
"Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
28 March 2025
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day.
The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.
"Following the recent Chrome sandbox escape (
Splunk Patches Dozens of Vulnerabilities
27 March 2025
Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App.
The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek.