A week in security (September 1 – September 7)
Last week on Malwarebytes Labs: Nexar dashcam video database hacked Roblox introduces age checks to use communication features Give your […]
A week in security (September 1 – September 7) Read More »
Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector
Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign Read More »
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys Read More »
Nexar dashcam video database hacked
A hacker cracked into a database of video recordings taken from Nexar-branded cameras, which are built to be placed drivers’
Nexar dashcam video database hacked Read More »
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation Read More »
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations Read More »
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild Read More »
Automation Is Redefining Pentest Delivery
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat
Automation Is Redefining Pentest Delivery Read More »
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages Read More »