Cisco Routers Hacked for Rootkit Deployment
Threat actors are exploiting CVE-2025-20352, a recent Cisco zero-day, to deploy a rootkit on older networking devices.
The post Cisco Routers Hacked for Rootkit Deployment appeared first on SecurityWeek.
Other noteworthy stories that might have slipped under the radar: US universities targeted by payroll pirates, Zimbra vulnerability exploited, Mic-E-Mouse attack.
The post In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware appeared first on SecurityWeek.
GreyNoise has discovered that attacks exploiting Cisco, Fortinet, and Palo Alto Networks vulnerabilities are launched from the same infrastructure.
The post Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign appeared first on SecurityWeek.
The botnet packs over 50 exploits targeting unpatched routers, DVRs, NVRs, CCTV systems, servers, and other network devices.
The post RondoDox Botnet Takes "Exploit Shotgun" Approach appeared first on SecurityWeek.
Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations.
The post Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks appeared first on SecurityWeek.
The malware now uses a four-stage infection chain, has an additional persistence mechanism, and also targets Firefox browser data.
The post New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions appeared first on SecurityWeek.
The software update includes additional file checks and helps users remove the known rootkit deployed in a recent campaign.
The post SonicWall Updates SMA 100 Appliances to Remove Overstep Malware appeared first on SecurityWeek.
The botnet's operators provide customers with access to an infected network of Docker containers so they can conduct DDoS attacks.
The post ShadowV2 DDoS Service Lets Customers Self-Manage Attacks appeared first on SecurityWeek.
Threat actors rely on malicious GitHub repositories to infect LastPass's macOS users with the Atomic infostealer.
The post Widespread Infostealer Campaign Targeting macOS Users appeared first on SecurityWeek.
Turla malware was deployed in February on select systems that Gamaredon had compromised in January.
The post Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions appeared first on SecurityWeek.
Hackers chained two Ivanti EPMM vulnerabilities to collect system information, dump credentials, and execute malware.
The post CISA Analyzes Malware From Ivanti EPMM Intrusions appeared first on SecurityWeek.
RevengeHotels has been targeting hotels in Brazil and Spanish-speaking regions with VenomRAT implants in 2025.
The post Threat Actor Infests Hotels With New RAT appeared first on SecurityWeek.
The cybercrime groups tracked as UNC6040 and UNC6395 have been extorting organizations after stealing data from their Salesforce instances.
The post FBI Shares IoCs for Recent Salesforce Intrusion Campaigns appeared first on SecurityWeek.
Apple this year sent at least four rounds of notifications to French users potentially targeted by commercial spyware.
The post Apple Sends Fresh Wave of Spyware Notifications to French Users appeared first on SecurityWeek.
Hackers mount the host's file system into fresh containers, fetch malicious scripts over the Tor network, and block access to the Docker API.
The post Exposed Docker APIs Likely Exploited to Build Botnet appeared first on SecurityWeek.