Trending
Stay at the forefront of technologyβexplore the latest and most impactful trends shaping the tech world today.
Filter by Category
Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework identified a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an
Published on: July 16, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Ransomware Group Claims Attack on Belk
DragonForce says it stole more than 150 gigabytes of data from US department store chain Belk in a May cyberattack. The post Ransomware Group Claims Attack on Belk appeared first on SecurityWeek.
Published on: July 15, 2025 | Source:China-Backed Salt Typhoon Hacks US National Guard for Nearly a Year
Between March and December of last year, infamous Chinese state-sponsored APT Salt Typhoon gained access to sensitive US National Guard data.
Published on: July 17, 2025 | Source:UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns
Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign. "This threat entity demonstrates a strong preference for using shortcut files (LNK), VBScript, and post-exploitation tools such as Cobalt Strike and Metasploit, while consistently deploying CV-themed
Published on: July 18, 2025 | Source:Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers
A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by the tech giant as part of its July 2025 Patch Tuesday
Published on: July 20, 2025 | Source:Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. "CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS," according to
Published on: July 20, 2025 | Source:Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components. "Insufficient validation of untrusted input in ANGLE and
Published on: July 16, 2025 | Source:DOGE Denizen Marko Elez Leaked API Key for xAI
Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed...
Published on: July 15, 2025 | Source:MITRE Launches AADAPT Framework for Financial Systems
The new framework is modeled after and meant to complement the MITRE ATT&CK framework, and it is aimed at detecting and responding to cyberattacks on cryptocurrency assets and other financial targets.
Published on: July 15, 2025 | Source:Hacking Trains
Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device (FRED), also known as an End-of-Train (EOT) device, is attached to the back of a train and sends data via radio signals to a corresponding device in the locomotive called the Head-of-Train (HOT). Commands can also be...
Published on: July 16, 2025 | Source: