Mideast, African Hackers Target Gov’ts, Banks, Small Retailers
In the hotly political Middle East, you’d expect hacktivism and disruption of services. But retail attacks?
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours. The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation…
Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client
Lazarus Group Hunts European Drone Manufacturing Data
The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang.
Pwn2Own Underscores Secure Development Concerns
Pwn2Own Ireland kicked off on Oct. 21 and what researchers found continued to highlight how secure development practices are lacking across the industry.
The Best End User Security Awareness Programs Aren’t About Awareness Anymore
The goal is to apply psychology principles to security training to change behaviors and security outcomes.
It Takes Only 250 Documents to Poison Any AI Model
Researchers find it takes far less to manipulate a large language model’s (LLM) behavior than anyone previously assumed.
Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl
Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets.
WhatsApp Secures Ban on NSO Group After 6-Year Legal Battle
NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities. The end goal of the campaign is to infiltrate high-value targets…