Search results for eset security VPN | Breaking Cybersecurity News | The Hacker News

In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the decisions you make now will shape your organization's resilience for years to come. This isn't just a threat roundup; it's the strategic context you need to lead effectively. Here's your full weekly recap, packed with the intelligence to keep you ahead. ⚡ Threat of the Week New HybridPetya Ransomware Bypasses UEFI Secure Boot — A copycat version of the infamous Petya/NotPetya malware dubbed HybridPetya has been spotted. But no telemetry exists to suggest HybridPetya has been deployed in the wild yet. It also differs in one key respect: It can compromise the secure boot featu...

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here's how that false sense of security was broken again this week. ⚡ Threat of the Week Newly Patched Critical Microsoft WSUS Flaw Comes Under Attack — Microsoft released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability that has since come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week. According to Eye Security and Huntress, the security flaw is being weaponized to drop a .N...

Attackers aren't waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week's events show a hard truth: it's not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world where AI tools can be used against you and ransomware hits faster than ever, real protection means planning for things to go wrong — and still staying in control. Check out this week's update to find important threat news, helpful webinars, useful tools, and tips you can start using right away. ⚡ Threat of the Week Windows 0-Day Exploited for Ransomware Attacks — A security affecting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets, Microsoft revealed. The flaw, CVE-2025-29824, is a privilege escalation vulnerabilit...

Welcome to this week's Threatsday Bulletin —your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The digital threat landscape never stands still. One week it's a critical zero-day, the next it's a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you're protecting a global enterprise or your own personal data—need to keep moving just as fast. In this edition we unpack fresh exploits, high-profile arrests, and the newest tactics cybercriminals are testing right now. Grab a coffee, take five minutes, and get the key insights that help you stay a step ahead of the next breach. Firmware fights back SonicWall Releases SMA 100 Firmware Update to Remove Rootkit SonicWall has released a firmware update that it said will help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. "S...

Hey there, it's your weekly dose of " what the heck is going on in cybersecurity land " – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's jump in before we get FOMO. ⚡ Threat of the Week GoldenJackal Hacks Air-Gapped Systems: Meet GoldenJackal, the hacking crew you've probably never heard of – but should definitely know about now. They're busting into super-secure, air-gapped computer systems with sneaky worms spread through infected USB drives (yes, really!), proving that even the most isolated networks aren't safe. ESET researchers caught them red-handed using two different custom-made tools to target high-profile victims, including a South Asian embassy in Belarus and a European Union government organization. 🔔 Top News Mozilla Patches Firefox 0-Day: Mozilla patched a...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities ( KEV ) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that could be exploited to achieve arbitrary code execution remotely. Fixes (version 9.4.0.484) for the security shortcoming were released by the network hardware vendor in March 2023.  "Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication," Array Networks said. "The product can be exploited through a vulnerable URL." The inclusion to KEV catalog comes shortly after cybersecurity company Trend...

The China-aligned threat actor known as MirrorFace has been observed targeting a diplomatic organization in the European Union, marking the first time the hacking crew has targeted an entity in the region. "During this attack, the threat actor used as a lure the upcoming World Expo, which will be held in 2025 in Osaka, Japan," ESET said in its APT Activity Report for the period April to September 2024. "This shows that even considering this new geographic targeting, MirrorFace remains focused on Japan and events related to it." MirrorFace, also tracked as Earth Kasha , is assessed to be part of an umbrella group known as APT10, which also comprises clusters tracked as Earth Tengshe and Bronze Starlight. It's known for its targeting of Japanese organizations at least since 2019, although a new campaign observed in early 2023 expanded its operations to include Taiwan and India. Over the years, the hacking crew's malware arsenal has evolved to include bac...

The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have "actively and continuously" updated the malware, introducing versions v3 and v4 in February and April 2025, respectively. The Japanese cybersecurity company is tracking the cluster under the name WaterPlum , which is also known as CL-STA-0240, DeceptiveDevelopment, DEV#POPPER, Famous Chollima, PurpleBravo, and Tenacious Pungsan. OtterCookie was first documented by NTT last year after having observed it in attacks since September 2024. Delivered by means of a JavaScript payload via a malicious npm package, trojanized GitHub or Bitbucket repository, or a bogus videoconferencing app, it's designed to contact an external server to execute commands on compromis...

Some risks don't breach the perimeter—they arrive through signed software, clean resumes, or sanctioned vendors still hiding in plain sight. This week, the clearest threats weren't the loudest—they were the most legitimate-looking. In an environment where identity, trust, and tooling are all interlinked, the strongest attack path is often the one that looks like it belongs. Security teams are now challenged to defend systems not just from intrusions—but from trust itself being turned into a weapon. ⚡ Threat of the Week Microsoft SharePoint Attacks Traced to China — The fallout from an attack spree targeting defects in on-premises Microsoft SharePoint servers continues to spread a week after the discovery of the zero-day exploits, with more than 400 organizations globally compromised. The attacks have been attributed to two known Chinese hacking groups tracked as Linen Typhoon (aka APT27), Violet Typhoon (aka APT31), and a suspected China-based threat actor codenamed Storm-2603 t...

A hitherto undocumented threat actor operating for nearly a decade and codenamed  MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets," ESET security researcher Matthieu Faou  said , describing the group as skilled and advanced. The adversary, active since at least 2014, is assessed to be aligned with Belarusian interests, likely employing a lawful interception system such as  SORM  to conduct its AitM attacks as well as deploy disparate tools called NightClub and Disco. Both the Windows malware frameworks support additional spying plugins including a screenshotter, an audio recorder, and a file stealer. The oldest sample of NightClub dates back to November 19, 2014, when it was uploaded to VirusTotal from Ukraine. Embassy staff from fo...