The Russia-backed threat actor's latest cyber spying campaign is a classic example of how quickly sophisticated hacking groups can pivot when exposed.
The operation took down a massive SIM card fraud network that provided fake phone numbers from more than 80 countries to criminals.
If an employee's phone connects to their car and then their corporate network, an attack against the car can reach the company.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a
South Korea faces public calls to take stronger action to protect its nationals from being forced into overseas online scam centers. The post South Korea Seeks to Arrest Dozens of Online Scam Suspects Repatriated From Cambodia appeared first on SecurityWeek.
Oracle E-Business Suite customers received conflicting deployment guidance, leaving enterprises exposed to a recent zero-day flaw, Andrew argues.
The Digital Childhood Institute, which filed a complaint with the FTC, is part of a newer crop of online safety groups focused on shaping tech policy around conservative political beliefs. The post Apple and Google challenged by parents' rights coalition on youth privacy protections appeared first on CyberScoop.
The NSA did not confirm nor deny the allegations made by China's Ministry of State Security. China said the origins of the attack date back to March 2022. The post China's spy agency accuses NSA of yearslong attack on the country's timekeeping service appeared first on CyberScoop.
"FD-SOI" makes hardware attacks on silicon chips more difficult. And, researchers argue, it'll help OEMs with regulatory compliance.
The judge also reduced the amount NSO Group would have to pay in punitive damages from $167.3 million to $4 million. The post Judge forbids NSO Group from targeting WhatsApp users appeared first on CyberScoop.
The sophisticated worm – which uses invisible code to steal credentials and turn developer systems into criminal proxies – has so far infected nearly 36k machines.
Following a funding scare that nearly shuttered the CVE program, outside experts and CISA are positioning to take charge of the 25-year-old system before the next funding crisis hits. The post Behind the struggle for control of the CVE program appeared first on CyberScoop.
The individuals ran a highly sophisticated cybercrime-as-a-service (CaaS) platform that caused roughly €5 million (~$5.8 million) in losses. The post SIM Farm Dismantled in Europe, Seven Arrested appeared first on SecurityWeek.
The identities of alleged core members of the Lumma Stealer group were exposed in an underground doxxing campaign. The post Lumma Stealer Activity Drops After Doxxing appeared first on SecurityWeek.
Attackers could exploit vulnerable deployments to intercept and tamper with communications in certain configurations. The post ConnectWise Patches Critical Flaw in Automate RMM Tool appeared first on SecurityWeek.
It's easy to think your defenses are solid – until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn't just patching fast, but watching smarter and staying alert for what you don't expect. Here's a quick look at this week's top threats, new tactics, and security stories shaping
ClickFix, FileFix, fake CAPTCHA – whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser – most commonly a CAPTCHA, but also things like fixing an error on a webpage. The name is a little misleading, though
The OODA loopβfor observe, orient, decide, actβis a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make their decisions with untrustworthy observations and orientation. To solve this problem, we need new systems of input, processing, and output integrity. Many decades ago, U.S. Air Force Colonel John Boyd introduced the...
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. "
On Android, the out-of-bounds write issue can be triggered during the processing of media files without user interaction. The post Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks appeared first on SecurityWeek.
The judge ruled that punitive damages of $167 million awarded by a jury were excessive. The post NSO Ordered to Stop Hacking WhatsApp, but Damages Cut to $4 Million appeared first on SecurityWeek.
Envoy Air, which operates the American Eagle brand, has confirmed that business information was stolen by hackers. The post American Airlines Subsidiary Envoy Air Hit by Oracle Hack appeared first on SecurityWeek.
China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a "premeditated" cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a "hacker empire" and the "greatest source of chaos in cyberspace." The Ministry of State Security (MSS), in a WeChat post, said it uncovered "irrefutable evidence" of the agency's involvement in the intrusion
The Ministry of State Security alleged that the NSA exploited vulnerabilities in the messaging services of a foreign mobile phone brand to steal sensitive information. The post China Accuses US of Cyberattack on National Time Center appeared first on SecurityWeek.
Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud. The coordinated law enforcement effort, dubbed Operation SIMCARTEL, saw 26 searches carried out, resulting in the arrest of seven suspects and the seizure of
Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company's analysis is based on the ZIP
Aliyu Ibrahim Usman, founder of the Cyber Cadet Academy in Nigeria, shares his passion for raising cybersecurity awareness in the wake of mounting security concerns worldwide.
The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). "The campaign relied on phishing emails with PDFs that contained embedded malicious links," Pei Han Liao, researcher with Fortinet's FortiGuard
Good video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy.
Authorities arrested seven people allegedly involved in the operation and seized 1,200 SIM boxes containing 40,000 active SIM cards. The post Europol dismantles cybercrime network linked to $5.8M in financial losses appeared first on CyberScoop.
Microsoft revoked more than 200 digital certificates that threat actors used to sign fake Teams binaries that set the stage for Rhysida ransomware attacks.
The shared responsibility model of data security, familiar from cloud deployments, is key to agentic services, but cybersecurity teams and corporate users often struggle with awareness and managing that risk.
The U.S. is the top target for cyberattacks, with criminals and foreign adversaries targeting companies, governments and organizations. The post Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US appeared first on SecurityWeek.
AI interactions are becoming one of the most revealing records of human thinking, and we're only beginning to understand what that means for law enforcement, accountability, and privacy.
The indictment of the former national security adviser is the latest against President Donald Trump's political enemies. The post John Bolton indictment says suspected Iranian hackers accessed his emails, issued threats appeared first on CyberScoop.