Pro-Russian and pro-Palestinian hacktivist groups share a common adversary in France, leading to coordinated cyberattacks against the country.

Russian hacktivist groups Z-Pentest and People’s Cyber Army escalate attacks on U.S. energy and water systems. Learn about their tactics and how to mitigate risks

24.03.2025 - En 2024, la police a enregistré au total 563 633 infractions relevant du Code pénal (CP), soit environ 8% de plus que l'année précédente. Si l'on considère la criminalité par domaines, les infractions numériques ont, comme les années précédentes, affiché une forte hausse (+35%). Les infractions contre le patrimoine se sont accrues de 8% par rapport à 2023. Et les infractions de violence grave ont augmenté (+19%) pour la troisième année consécutive. Ce sont là quelques-uns des résultats de la statistique policière de la criminalité (SPC), établie par l'Office fédéral de la statistique (OFS).

New malware targets Apache Tomcat servers, hijacking resources through stealthy payloads & lateral movement. What to watch for to protect your workloads

Apple has delivered a big batch of OS updates, some of which belatedly patch older versions of its operating systems to address exploited-in-the-wild flaws the iGiant earlier fixed in more recent releases.

By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well as IoT devices. The vulnerabilities found in the GRUB2 bootloader (commonly used as a Linux bootloader) and U-boot and Barebox bootloaders (commonly used for embedded systems), could allow threat actors to gain and execute arbitrary code.

Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.

Enterprise file transfer solutions are critical infrastructure for many organizations, facilitating secure data exchange between systems and users. CrushFTP, a widely used multi-protocol file transfer server, offers an extensive feature set including Amazon S3-compatible API access. However, a critical vulnerability (CVE-2025-2825) was discovered in versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 that allows unauthenticated attackers to bypass authentication and gain unauthorized access

Key Takeaways The threat actor gained initial access by a fake Zoom installer that used d3f@ckloader and IDAT loader to drop SectopRAT. After nine days of dwell time, the SectopRAT malware dropped …

Depuis 2024, l'OFCS est un office fédéral indépendant au sein du Département fédéral de la défense, de la prot

Discover ClickFix, a rising social engineering threat used to deliver malware and learn how to detect and respond against it with Logpoint.

Connecting a successful phishing attempt to Scattered Spider through Validin pivoting

Apple finally adds TCC events to Endpoint Security!
Since the majority of macOS malware circumvents TCC through explicit user approval, it would be incredibly helpful for any security tool to detect this — and possibly override the user’s risky decision. Until now the best (only?) option was to ingest log messages generated by the TCC subsystem. This approach was implemented in a tool dubbed Kronos, written by Calum Hall Luke Roberts (now, of Phorion fame). Unfortunately, as they note, this approach did have it drawbacks:

Hidden malware strikes WordPress mu-plugins. Our latest findings reveal how to safeguard your site against these threats.

interview: Crims are disabling security tools early in attacks, Talos says

Dubbed “BlackLock” (aka "El Dorado" or "Eldorado"), the ransomware-as-a-service (RaaS) outfit has existed since March 2024. In Q4 of last year, it increased its number of data leak posts by a staggering 1,425% quarter-on-quarter. According to independent reporting, a relatively new group has rapidly accelerated attacks and could become the most dominant RaaS group in 2025.

Fortunately, it will not happen due to certain events happening "behind the scenes." As you may know, Christmas and Winter Holidays are the best times for cybercriminals to attack, defraud, and extort victims globally. But in some cases, they may expect unexpected gifts too. Around that time, Resecurity identified a vulnerability present at the Data Leak Site (DLS) of BlackLock in the TOR network - successful exploitation of which allowed our analysts to collect substantial intelligence about their activity outside of the public domain.

FEBRUARY 21st was a typical day, recalls Ben Zhou, the boss of ByBit, a Dubai-based cryptocurrency exchange. Before going to bed, he approved a fund transfer between the firm’s accounts, a “typical manoeuvre” performed while servicing more than 60m users around the world. Half an hour later he got a phone call. “Ben, there’s an issue,” his chief financial officer said, voice shaking. “We might be hacked…all of the Ethereum is gone.”

A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.

Any service using xml-crypto or a Node.js SAML implementation using it, should update immediately to the latest version. WorkOS customers are safe and were not impacted.