Keeping it real: Sophos and the 2024 MITRE ATT&CK Evaluations: Enterprise

A five-count criminal indictment was unsealed today in federal court in New York charging a Canadian man with exploiting vulnerabilities in two decentralized finance protocols to fraudulently obtain about $65 million from the protocols’ investors. According to court documents, from 2021 to 2023, Andean Medjedovic, 22, allegedly exploited vulnerabilities in the automated smart contracts used…

Many cars know where you’ve been and where you are going, and also often have access to your contacts, call logs, texts and other sensitive information thanks to cell phone syncing. The post Is Your Car Spying on You? What It Means That Tesla Shared Data in the Las Vegas Explosion appeared first on SecurityWeek.

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). “VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control,” Broadcom said…

The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector. “The ClickFix technique is particularly risky because it allows the malware to execute in memory rather than being written to disk,” Expel said in a report shared with The Hacker News. “This removes…

World-class threat intelligence available directly where analysts work.

Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform. The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads.  The