Stealing user credentials with evilginx

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions – Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0-M1 to…

Andy Greenberg, Matt Burgess, and Lily Hay Newman of WIRED report: Made possible through partnership with ThreatLocker Ransomware gangs, email scammers, state-sponsored spies: hacking groups come in all shapes and sizes. There are some we write about quite a bit here at WIRED, who through some combination of audacity, incompetence, or geopolitical importance—or some combination…

Transforming the future, together

Christopher Brown reports: PowerSchool Holdings Inc. is facing three federal lawsuits alleging the education software provider negligently failed to protect the personal information of students, parents, and teachers that was exposed in a December data breach. Sheilah Buack-Shelton, Tyler Baker, and Kimberly Kinney alleged in separate complaints that PowerSchool breached its duties under common law,…

A ransomware group tracked as Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C. The post Compromised AWS Keys Abused in Codefinger Ransomware Attacks appeared first on SecurityWeek.

As Unmanned Aerial Vehicles (UAVs or “drones”) and Unmanned Aerial Systems (UAS) are increasingly deployed as part of military operations, there has also been an upsurge in counter-UAV (C-UAV) and counter-UAS technologies designed to detect and neutralize the threats they pose. Unsurprisingly, there has been an uptick in cyberespionage groups and cybercriminals attempting to acquire…