More results...
SitusAMC says a recent breach exposed customer data; the real-estate financing firm provides back-office services for banks and lenders. SitusAMC, a leading real-estate financing services provider for banks and lenders, disclosed a data breach discovered earlier this month that exposed customer information. The firm manages back-office functions such as mortgage origination, servicing, and compliance for […]
Harvard revealed its Alumni Affairs systems suffered a vishing breach, exposing emails, phone numbers, addresses, donation data and biographical info. Harvard revealed that threat actors breached its Alumni Affairs and Development systems through a vishing attack, exposing contact, donation, and biographical data of students, staff, alumni. Harvard says the breached systems held no Social Security […]
Delta Dental of Virginia suffered a data breach that exposed personal and health data of about 146,000 customers after the hack of an email account. A security breach at the dental care provider Delta Dental of Virginia (DDVA) exposed data of about 146,000 people, including names, Social Security numbers, ID numbers, and health information, after […]
Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold […]
Why today’s AI attack agents boost human attackers but still fall far from becoming real autonomous weapons. Anthropic recently published a report that sparked a lively debate about what AI agents can actually do during a cyberattack. The study shows an AI system, trained specifically for offensive tasks, handling 80–90% of the tactical workload in […]
Two UK teens linked to Scattered Spider pleaded not guilty to charges over last year’s TfL cyberattack at a Southwark Crown Court hearing. Two British teens accused of Computer Misuse Act offenses for a cyberattack on Transport for London pleaded not guilty in court. Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, and Owen […]
Iberia warns customers of a supplier-related data breach as a threat actor claims to hold 77GB of stolen airline data. Iberia is warning customers about a data breach after a third-party supplier was hacked by a threat actor who claims to have stolen 77 GB of airline data. Iberia is the flag carrier airline of […]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery RONINGLOADER: DragonBreath’s New Path to PPL Abuse npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects GPT Trade: Fake Google Play Store […]
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks U.S. CISA adds an Oracle […]
SonicWall warns of a high-severity buffer overflow flaw in SonicOS SSLVPN (CVE-2025-40601) that lets attackers crash Gen7 and Gen8 firewalls. A new high-severity SonicOS SSLVPN flaw, tracked as CVE-2025-40601 (CVSS score of 7.5), allows attackers to crash SonicWall Gen7 and Gen8 firewalls. SonicWall is urging all customers to apply patches immediately, as the issue stems […]