Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape….
Hoff’s Rule: People First
Dark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture.
Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Spring 2025 Reports
Also ranked the top solution across 53 global reports.
How CISA Cuts Impact Election Security
State and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat….
DoJ Recovers $5M Lost in BEC Fraud Against Workers’ Union
The union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that’s designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as…
Fake DeepSeek Ads Spread Malware to Google Users
Popularity of the generative AI platform makes it an obvious choice for cybercriminals abusing Google-sponsored search results, according to researchers.