Autore: SecurityIT

North Korea’s Fake Recruiters Feed Stolen Data to IT Workers

north-korea’s-fake-recruiters-feed-stolen-data-to-it-workers

North Korean threat actors pose as recruiters to steal developers’ identities and supply them to fraudulent IT workers.

The post North Korea’s Fake Recruiters Feed Stolen Data to IT Workers appeared first on SecurityWeek.

No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking

no-patches-for-vulnerabilities-allowing-cognex-industrial-camera-hacking

Cognex is advising customers to transition to newer versions of its machine vision products.

The post No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking appeared first on SecurityWeek.

New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions

new-xcsset-macos-malware-variant-hijacks-cryptocurrency-transactions

The malware now uses a four-stage infection chain, has an additional persistence mechanism, and also targets Firefox browser data.

The post New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions appeared first on SecurityWeek.

Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day

recent-fortra-goanywhere-mft-vulnerability-exploited-as-zero-day

Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account.

The post Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks

cisco-firewall-zero-days-exploited-in-china-linked-arcanedoor-attacks

Leading to remote code execution and privilege escalation, the flaws were exploited on Cisco ASA 5500-X series devices that lack secure boot.

The post Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks appeared first on SecurityWeek.

Salesforce AI Hack Enabled CRM Data Theft

salesforce-ai-hack-enabled-crm-data-theft

Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak.

The post Salesforce AI Hack Enabled CRM Data Theft appeared first on SecurityWeek.

PyPI Warns Users of Fresh Phishing Campaign

pypi-warns-users-of-fresh-phishing-campaign

Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites.

The post PyPI Warns Users of Fresh Phishing Campaign appeared first on SecurityWeek.

Chinese Cyberspies Hacked US Defense Contractors

chinese-cyberspies-hacked-us-defense-contractors

RedNovember has been targeting government, defense and aerospace, and legal services organizations worldwide.

The post Chinese Cyberspies Hacked US Defense Contractors appeared first on SecurityWeek.

RTX Confirms Airport Services Hit by Ransomware

rtx-confirms-airport-services-hit-by-ransomware

The aerospace and defense giant has disclosed the cyberattack in a filing with the SEC.

The post RTX Confirms Airport Services Hit by Ransomware appeared first on SecurityWeek.

Perspective: Why Politics in the Workplace is a Cybersecurity Risk

perspective:-why-politics-in-the-workplace-is-a-cybersecurity-risk

Bringing politics into professional spaces undermines decision-making, collaboration, and ultimately weakens security teams.

The post Perspective: Why Politics in the Workplace is a Cybersecurity Risk appeared first on SecurityWeek.