Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState deserialization vulnerability caused by the inclusion of a sample ASP.NET machine key in pre-2017 Sitecore guides. Some customers reused this key in production, allowing attackers with knowledge of the key
Microsoft says recent Windows updates cause app install issues
Microsoft says the August 2025 security updates are triggering unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions. This known issue is caused by a security patch that addresses the CVE-2025-50173 Windows Installer privilege escalation vulnerability, which can allow authenticated attackers to gain SYSTEM privileges due
Hackers breach fintech firm in attempted $130M bank heist
Hackers tried to steal $130 million from Evertec’s Brazilian subsidiary Sinqia S.A. after gaining unauthorized access to its environment on the central bank’s real-time payment system (Pix). Evertec is a public financial technology giant that stands as a major full-service transaction processor in Latin America, Puerto Rico, and the Caribbean. Sinqia, acquired by Evertec in 2023
Zscaler data breach exposes customer info after Salesloft Drift compromise
Cybersecurity company Zscaler warns it suffered a data breach after threat actors gained access to its Salesforce instance and stole customer information, including the contents of support cases. This warning follows the compromise of Salesloft Drift, an AI chat agent that integrates with Salesforce, in which attackers stole OAuth and refresh tokens, enabling them to gain
Protecting troops’ benefits in an evolving government | Defense News Weekly Full Episode 8.23.25
The president of the Military Officers Association of America talks about the state of efforts to ensure troops’ and vets’ benefits in a new administration.
Brokewell Android malware delivered through fake TradingView ads
Cybercriminals are abusing Meta’s advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android. The campaign targets cryptocurrency assets and has been running since at least July 22nd through an estimated 75 localized ads. Brokewell has been around since early 2024 and features a broad set of
TamperedChef infostealer delivered through fraudulent PDF Editor
Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. The campaign is part of a larger operation with multiple apps that can download each other, some of them tricking users into enrolling their system into residential proxies. More than
US Army awards RTX $1.7B for new missile defense radar production
The U.S. Army awarded Raytheon a $1.7 billion contract to produce a new missile defense sensor that will replace the current Patriot system’s radar, according to an
WhatsApp patches vulnerability exploited in zero-day attacks
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. The company says this zero-click flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. “Incomplete authorization of linked device synchronization messages in
Google warns Salesloft breach impacted some Workspace accounts
Google now reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access a small number of Google Workspace email accounts in addition to stealing data from Salesforce instances. “Based on new information identified by GTIG, the scope of this compromise is not exclusive to