News

Russian hackers exploit Zimbra flaw in Ukrainian govt attacks

Bys s March 19, 2026

Sergiu Gatlan reports: Hackers part of APT28, a state-backed threat group linked to Russia’s military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities. This high-severity security flaw (tracked as CVE-2025-66376 and patched in early November) stems from a stored cross-site scripting (XSS) that unauthenticated attackers can exploit to gain remote…

Source

News

Why Secrets in JavaScript Bundles are Still Being Missed
Bys s January 20, 2026

Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what traditional vulnerability scanners actually cover and built a new secrets detection method to address gaps in existing approaches. Applying this at scale by…

Read More Why Secrets in JavaScript Bundles are Still Being Missed
News

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
Bys s March 26, 2025

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). “VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control,” Broadcom said…

Read More New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
News

Mitiga Banks$30M Series B to Expand Cloud and SaaS Security Platform
Bys s January 21, 2025

New York/Israel startup selling threat detection, investigation, and response tools banks $30 million in a Series B led by SYN Ventures. The post Mitiga Banks$30M Series B to Expand Cloud and SaaS Security Platform appeared first on SecurityWeek.

Read More Mitiga Banks$30M Series B to Expand Cloud and SaaS Security Platform
News

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code
Bys s December 26, 2025

Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a “security incident” that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The extension has about one million users, according to the Chrome…

Read More Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code
News

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
Bys s February 16, 2026

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming…

Read More New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
News

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
Bys s March 7, 2025

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that’s equipped to steal a victim’s Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It’s no longer available for download from the official registry. “Disguised as a simple…

Read More This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

Similar Posts