Google spots tailored backdoor malware aimed at SonicWall appliances
Google researchers reported on a malware campaign against end-of-life SonicWall appliances, noting that the attackers were good at covering their tracks.
New Fortinet FortiWeb hacks likely linked to public RCE exploits
Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257.
Italian police dismantle Romanian ransomware gang targeting nonprofits, film companies
The group, known as “Diskstation,” is accused of encrypting victims’ systems and demanding large cryptocurrency ransoms to restore access to their data, Italy’s Postal and Cybersecurity Police said in a statement.
Europol disrupts pro-Russian NoName057(16) DDoS hacktivist group
An international law enforcement operation dubbed "Operation Eastwood" has targeted the infrastructure of the pro-Russian hacktivist group NoName057(16), responsible for distributed denial-of-service (DDoS) attacks across Europe and the US.
Dating app scammer cons former US army colonel into leaking national secrets
Even hard-headed military types can fall victim to romance scams, it seems. A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.
Senate panel passes Intelligence Authorization Act that takes aim at telecom hacks
The measure aims to prevent compromise of U.S. telecommunications through strengthening network security by establishing “baseline cybersecurity requirements for vendors of telecommunications services” to the country’s 18 intelligence agencies, according to a summary of the bill released by the panel.
Copilot Studio: AIjacking Leads to Data Exfiltration | CSA
AI agents are prone to data exfiltration. See how one attack led to discovery of the knowledge sources, then to data exfiltration of entire customer records.
21-year-old former US soldier pleads guilty to hacking, extorting telecoms
Cameron John Wagenius faces up to 27 years in prison after pleading guilty to wire fraud, extortion and aggravated identity theft in data breaches involving major corporations.
Talos IR ransomware engagements and the significance of timeliness in incident response
The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements.
AWS, Google Drive, Dropbox : quand le cloud est détourné pour espionner des négociations
Depuis fin 2024, une campagne d’espionnage d’une sophistication inédite vise les gouvernements d’Asie du Sud-Est. L’outil au cœur de cette opération : HazyBeacon, un logiciel malveillant capable de se dissimuler dans le trafic légitime des services cloud d’Amazon, afin de collecter des informations sensibles sur des
Grok 4 benchmark results: Tops math, ranks second in coding
Grok 4 is a huge leap from Grok 3, but how good is it compared to other models in the market, such as Gemini 2.5 Pro? We now have answers, thanks to new independent benchmarks.
Google fixes actively exploited sandbox escape zero day in Chrome
Google has released a security update for Chrome to address half a dozen vulnerabilities, one of them actively exploited by attackers to escape the browser's sandbox protection.