Beyond the kill chain: What cybercriminals do with their money (Part 5)

When BreachForums[.]st went offline on April 15, the rumor mills sprang into action. Claims that the forum had been seized (again), or that the owner, ShinyHunters, or Anastasia had been arrested were tossed around, with the only evidence to support any of the claims being redirects of Telegram accounts to FBI Telegram accounts. So of…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2024-54085 (CVSS score: 10.0) – An authentication bypass by spoofing

This year’s first batch of monthly security updates for Android resolves 36 vulnerabilities, including critical remote code execution flaws. The post First Android Update of 2025 Patches Critical Code Execution Vulnerabilities appeared first on SecurityWeek.

Meta on Tuesday said it’s launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it’s introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from giving away sensitive information like…

In the fourth of our five-part series, Sophos X-Ops explores threat actors’ real-world criminal business interests

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. “Pre-authentication deserialization of untrusted data…