Search the Portal

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from

The company was founded in March 2025 and it has now emerged from stealth mode. The post Fig Security Launches With $38 Million to Bolster SecOps Resilience appeared first on SecurityWeek.

The researcher says he has identified thousands of internet-exposed IQ4 building management controllers. The post Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability appeared first on SecurityWeek.

Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive and organizational pressures that quietly erode SOC performance over time. The Paradox at the Gate:

The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its use following an analysis of the IP address ("212.11.64[.]250") that was used by the suspected

For decades, the quantum threat to RSA and ECC encryption has been tied to Shor’s algorithm and the assumption that we would need million-qubit quantum computers to make it practical. A newly announced algorithm challenges that assumption and suggests the breaking point could arrive far sooner than expected. The post Quantum Decryption of RSA is Much Closer than Expected appeared first on SecurityWeek.

Researchers have uncovered a Wi-Fi vulnerability that allows nearby attackers to intercept sensitive data and execute machine-in-the-middle attacks against connected devices. The post New ‘AirSnitch’ Attack Shows Wi-Fi Client Isolation Could Be a False Sense of Security appeared first on SecurityWeek.

Hackers stole names, Social Security numbers, driver’s license information, voter registration records, and health-related information. The post 1.2 Million Affected by University of Hawaii Cancer Center Data Breach appeared first on SecurityWeek.

An integer overflow or wraparound in the Qualcomm graphics component, the bug leads to memory corruption. The post Android Update Patches Exploited Qualcomm Zero-Day appeared first on SecurityWeek.

The cybersecurity industry is monitoring the landscape and says many of the big claims made by hacktivist groups remain unverified. The post Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low appeared first on SecurityWeek.

The Rise of MCPs in the Enterprise The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automate end-to-end business workflows across the enterprise. This is already showing up in production

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand's real URL. It also lets

Improper input sanitization in the framework can be exploited through the Shell tool, allowing attackers to modify system files and steal data. The post Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise appeared first on SecurityWeek.

Using low-cost receivers deployed along roads, academic researchers tracked drivers and their movement patterns. The post Researchers Uncover Method to Track Cars via Tire Sensors appeared first on SecurityWeek.

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described