Search the Portal

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa Consortium, the holding company behind a commercial spyware known as Predator, from the specially designated nationals list. The names of the individuals are as follows - Merom Harpaz Andrea Nicola Constantino Hermes Gambazzi Sara Aleksandra Fayssal Hamou

The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any

The total disclosed value for all the cybersecurity M&A deals announced in 2025 exceeded $84 billion. The post 8 Cybersecurity Acquisitions Surpassed $1 Billion Mark in 2025 appeared first on SecurityWeek.

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). "This sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence," CloudSEK researchers Prajwal Awasthi and Koushik Pal said in an

The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor. The post Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit appeared first on SecurityWeek.

Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams treat it as a shortcut for broken processes. Others attempt to apply machine learning to problems

Roughly 30,000 Korean Air employees had their data stolen by hackers in a breach at former subsidiary KC&D. The post Korean Air Data Compromised in Oracle EBS Hack appeared first on SecurityWeek.

The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky, which observed the new backdoor variant in cyber espionage campaigns mounted by the hacking group targeting

It took Sax well over a year to complete its investigation after detecting hackers on its network. The post Top US Accounting Firm Sax Discloses 2024 Data Breach Impacting 220,000 appeared first on SecurityWeek.

Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not

Tracked as CVE-2020-12812, the exploited FortiOS flaw allows threat actors to bypass two-factor authentication. The post Fortinet Warns of New Attacks Exploiting Old Vulnerability appeared first on SecurityWeek.

The ecommerce giant will provide purchase vouchers to the 33.7 million individuals impacted by the incident. The post Coupang to Issue $1.17 Billion in Vouchers Over Data Breach appeared first on SecurityWeek.

Hackers stole names, addresses, Social Security numbers, ID numbers, and medical and health insurance information from Aflac’s systems. The post 22 Million Affected by Aflac Data Breach appeared first on SecurityWeek.

The ‘download’ button on the official EmEditor website served a malicious installer. The post Infostealer Malware Delivered in EmEditor Supply Chain Attack appeared first on SecurityWeek.