Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access.
A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. The most severe flaw included in the September 2024 security bulletin is a critical, remote code execution (RCE) vulnerability tracked as CVE-2024-40711 (CVSS v3.1
Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.
Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.
Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. ” Microsoft wrote on X. .
NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. The Orange Cyberdefense CERT investigated four attackers with a similar initial access vector consisting of the compromise of a Check Point VPN appliance. The ransomware appends the .
Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks.
Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks. Between January and March, researchers at Forescout Research Vedere Labs observed threat actors exploiting two Fortinet vulnerabilities to deploy the SuperBlack ransomware. ” reads the report.
Zyxel warns that a ransomware group has been observed exploiting a recently patched command injection issue in its firewalls. Zyxel warns that a ransomware gang has been observed exploiting a recently patched command injection vulnerability, tracked as CVE-2024-42057, in its firewalls for initial compromise.
Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Initial access is being achieved by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762, CVE-2024-55591, and others.” in FortiOS SSL VPN was actively exploited in attacks in the wild.
Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)
Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.
Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Despite a slowdown in “LockBit” ransomware activity due to law enforcement actions and a loss of affiliate trust, it remains a key player. Our latest investigation revealed the same trend.
They impersonated help desk technicians, sent the victims fake VPN deactivation warnings, and used password reset scams to gain access to company systems. In January 2024, U.S. Scattered Spider used phishing and smishing attacks to trick employees into providing their credentials. Federal Bureau of Investigation (FBI).
UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Active since at least October 2024, the group uses a backdoor and user-mode rootkit to potentially enable data theft, extortion, or ransomware attacks. ” reads the report published by Google.
The records are being linked to the same ones compromised by cybercriminals in a data breach that AT&T announced in July of 2024. Collectively, they could easily put affected customers at risk for account takeovers and identity theft. million existing AT&T subscribers and 65.4 million former account holders.
Active since at least October 2024, the group uses a backdoor and user-mode rootkit to potentially enable data theft, extortion, or ransomware attacks. UNC6148 activity overlaps with earlier SonicWall exploits tied to Abyss/VSOCIETY ransomware. reads the report published by Google.
CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)
But the big one -- CVE-2024-51978 -- can't be fixed on any device already sitting in your home or office. CVE-2024-51978 carries a CVSS score of 9.8 The one remaining sore spot -- CVE-2024-51978 -- can't be patched retroactively. Of those eight flaws, seven can be fully patched with firmware updates.
Researchers at Trustwave SpiderLabs have linked the provider to a surge in dangerous activities from credential brute-forcing and mass vulnerability scanning to the delivery of ransomware, infostealers, and Android-targeted phishing campaigns. Once inside, they deploy a ransomware strain named SuperBlack, similar to LockBit 3.0,
Mandiant's report highlighted that three of the four top exploited vulnerabilities in 2024 were zero-days discovered and leveraged by attackers before patches were available. Palo Alto Networks GlobalProtect (CVE-2024-3400) was the most exploited vulnerability, used by both state-backed groups and ransomware affiliates.
Four days of packed session tracks and face-to-face discussions with industry leaders pointed to a clear reality: a large majority of ransomware victims lack effective response plans, and even more security professionals have doubts about their organizations' readiness for zero-day attacks. The RSAC 2025 conference theme “Many Voices.
And in 2024, one malicious program in particular is responsible for the lion's share of info stealer activity, racking up 70% of known info stealer detections on Mac. Unlike ransomware, which is deployed against large businesses that cybercriminals hope can pay hefty ransoms, info stealers can deliver illicit gains no matter the target.
Ransomware-as-a-Service collectives go even further in allowing practically anyone to enact cyberattacks; the Play gang weaponized a 2025 Windows zero-day just days after it was introduced, bundling the exploit into its affiliate kit for paying customers. It's estimated that the economic impact of a severe enough cyberattack against the U.S.
The targeted company employs this technology to allow employees to download specific policies to their corporate devices, granting them secure access to the Fortinet VPN. Countries targeted by additional malicious activity on October 23, 2024 ( download ) Three requests originated from the same IP address 135.XXX.XX.47
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
That's a 358% increase year-over-year and nearly matches the total for all of 2024. According to Cloudflare, this record-setting attack comes amid a dramatic surge in DDoS assaults. In the first quarter of 2025 alone, Cloudflare mitigated 20.5 million DDoS attacks.
CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)
Kerry Wan/ZDNET The big question with any foldable phone is how it holds up over time -- I write as my Motorola Razr Plus (2024) produces a gritty, brushing-sandpaper-like sound whenever I open and close it -- so I'll keep my eyes and ears out with the Razr Ultra.
In 2024, he shifted to cybercrime, starting with low-level roles in vishing and ransomware, later moving into malware and vulnerability research that drew wide attention. In one exchange, he detailed hacking feats (VPN cracking, 0-day CVEs, RCEs) all done via mobile and RDP.
In anticipation of AI's role as a hacker's weapon of choice, Visa announced in December 2024 that "it will require Australian financial institutions to move away from SMS OTPs as the sole factor for payment authentication to address the threat of AI-driven fraud and scams.
Also: The best VPN services right now Further, Cybernews blamed other media outlets for claiming that Facebook, Google, and Apple credentials were leaked. IBM estimates that the average cost of a data breach in 2024 for companies was $4.9 The Tor network and a VPN are typically required.
According to Mastercard, travel-related fraud in 2024 increased by 18% during the summer peak season and 28% in the winter peak season. Fewer than 1 in 3 travelers (31%) protect their data with a virtual private network (VPN) when traveling internationally. This is especially true when you travel to foreign countries.
Threat actor Activity HomeLand Justice Carried out destructive attacks against the Government of Albania in 2022, utilizing ransomware and disk wiping malware. Pioneer Kitten Fox Kitten UNC757 Parisite RUBIDIUM Lemon Sandstorm Br0k3r xplfinder Collaborates with ransomware groups in order to monetize access to victim networks.
Stream the Webinar on demand HERE As we look back on the cybersecurity landscape of 2024, it’s clear that the world of digital threats continues to evolve at an alarming pace in parallel with AI. The saga of LockBit in 2024 exemplifies the resilience and adaptability of these cybercriminal groups.
Identity Check This feature was added in 2024, but it didn't receive much attention until the release of Android 16. I'll explain these two key security features and how to find and enable them. Also: Google quietly confirms ChromeOS-Android merger - here's what it means for you 1. What is Identity Check?
The Oura Ring 4 came out in 2024, kickstarting discounts across older models. So, you'll get the same sleep tracking and staging, activity and stress monitoring, and app user experience as the new smart ring -- just a different build with the Oura Ring Gen 3.
Earlier this year, the company confirmed two major data breaches -- one from 2019 or earlier and one from 2024. The settlement includes customers who were involved in both the 2019 breach and the 2024 breach. It's not necessary for you to have been involved in both.
Android 15 was released in September 2024.) Also: Your Android phone just got a major feature upgrade for free - including these Pixel models One thing to keep in mind is that Google released Android 16 early. Usually, those major updates are held back until late summer/fall. Why did Google release this latest update three months early?
Review: Amazon Kindle Scribe (2024) In addition, the Active Canvas allows you to take notes and scribble your thoughts directly onto the pages of your book. Its updated AI features include a new display with flush white borders and a paper-like texture, and Active Canvas -- a new experience for taking notes in books.
President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days Subaru Starlink flaw allowed experts to remotely hack cars Two ransomware groups abuse Microsoft's Office 365 platform to gain access to target organizations Cloudflare (..)
Show more View now at Amazon Kindle Essentials Bundle with 2024 base model Kindle : $111 (save $51): I tested and loved the base model Kindle that debuted last year and highly recommend it to those purchasing their first e-reader. inch display, a slew of Gemini-enhanced AI features, and a proven camera system.