Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
New Risk Index Helps Organizations Tackle Cloud Security Chaos
Enterprises can use the IaC Risk Index to identify vulnerable cloud resources in their infrastructure-as-code environments that are not managed or governed.
Published on: July 28, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry. The packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in a report published last week. In addition, 73 repositories
Published on: July 28, 2025 | Source:Sophisticated Shuyal Stealer Targets 19 Browsers, Demonstrates Advanced Evasion
A new infostealing malware making the rounds can exfiltrate credentials and other system data even from browsing software considered more privacy-focused than mainstream options.
Published on: July 28, 2025 | Source:Sen. Hassan wants to hear from SpaceX about scammers abusing Starlink
Itβs time for SpaceX to take strong action against scammers abusing the companyβs Starlink internet service, Sen. Maggie Hassan said in a letter to CEO Elon Musk on Monday. The New Hampshire Democrat cited evidence accumulating over the past two years that some Southeast Asian fraudsters scamming billions of dollars from U.S. citizens have leaned [β¦] The post Sen. Hassan wants to hear from SpaceX about scammers abusing...
Published on: July 28, 2025 | Source:FBI alerts tie together threats of cybercrime, physical violence from The Com
Officials said thousands of people, typically between 11 and 25 years old, are engaged in a growing and evolving online threat to commit crime for money, retaliation, ideology, sexual gratification and notoriety. The post FBI alerts tie together threats of cybercrime, physical violence from The Com appeared first on CyberScoop.
Published on: July 28, 2025 | Source:Hundreds of registered data brokers ignore user requests around personal data
Researchers in California contacted data brokers in their state to exercise their rights under the California Privacy Protection Act. Many didnβt reply, while others threw up barriers. The post Hundreds of registered data brokers ignore user requests around personal data appeared first on CyberScoop.
Published on: July 28, 2025 | Source:How to Spot Malicious AI Agents Before They Strike
The rise of agentic AI means the battle of the machines is just beginning. To win, we'll need our own agents β human and machine β working together.
Published on: July 28, 2025 | Source:Root Evidence Launches With $12.5 Million in Seed Funding
Root Evidence is developing fully integrated vulnerability scanning and attack surface management technology. The post Root Evidence Launches With $12.5 Million in Seed Funding appeared first on SecurityWeek.
Published on: July 28, 2025 | Source:β‘ Weekly Recap β SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More
Some risks donβt breach the perimeterβthey arrive through signed software, clean resumes, or sanctioned vendors still hiding in plain sight. This week, the clearest threats werenβt the loudestβthey were the most legitimate-looking. In an environment where identity, trust, and tooling are all interlinked, the strongest attack path is often the one that looks like it belongs. Security teams are
Published on: July 28, 2025 | Source:Allianz Life Data Breach Impacts Most of 1.4 Million US Customers
Allianz subsidiary said the information of customers, financial professionals and employees was compromised as a result of a hack. The post Allianz Life Data Breach Impacts Most of 1.4 Million US Customers appeared first on SecurityWeek.
Published on: July 28, 2025 | Source:Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach
Picture this: youβve hardened every laptop in your fleet with realβtime telemetry, rapid isolation, and automated rollback. But the corporate mailboxβthe front door for most attackersβis still guarded by what is effectively a 1990s-era filter. This isn't a balanced approach. Email remains a primary vector for breaches, yet we often treat it as a static stream of messages instead of a dynamic,
Published on: July 28, 2025 | Source:Microsoft SharePoint Zero-Day
Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of active exploitation of the vulnerability, which affects SharePoint Servers that...
Published on: July 28, 2025 | Source:BlackSuit Ransomware Group Transitioning to βChaosβ Amid Leak Site Seizure
The emerging Chaos ransomware appears to be a rebranding of BlackSuit, which had its leak site seized by law enforcement. The post BlackSuit Ransomware Group Transitioning to βChaosβ Amid Leak Site Seizure appeared first on SecurityWeek.
Published on: July 28, 2025 | Source:Microsoftβs software licensing playbook is a national security risk
The tech giantβs model is built around anticompetitive practices, the head of the Coalition for Fair Software Licensing argues. The post Microsoftβs software licensing playbook is a national security risk appeared first on CyberScoop.
Published on: July 28, 2025 | Source:Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations
The Post SMTP email delivery WordPress plugin is affected by a critical vulnerability and half of websites using it remain unpatched. The post Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations appeared first on SecurityWeek.
Published on: July 28, 2025 | Source:Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. "The group's core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk," Google's Mandiant team said in an extensive
Published on: July 28, 2025 | Source:Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. "These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device," Nozomi Networks Labs said in a
Published on: July 28, 2025 | Source:Friday Squid Blogging: Stable Quasi-Isodynamic Designs
Yet another SQUID acronym: βStable Quasi-Isodynamic Design.β Itβs a stellarator for a fusion nuclear power plant.
Published on: July 25, 2025 | Source:Cyber Career Opportunities: Weighing Certifications vs. Degrees
Longtime CISO Melina Scotto joins Dark Reading to discuss career advice gleaned from her 30 years in the cyber industry.
Published on: July 25, 2025 | Source:'Fire Ant' Cyber Spies Compromise Siloed VMware Systems
Suspected China-nexus threat actors targeted virtual environments and used several tools and techniques to bypass security barriers and reach isolated portions of victims' networks.
Published on: July 25, 2025 | Source:AI-Generated Linux Miner 'Koske' Beats Human Malware
AI malware is becoming less of a gimmick, with features that meet or exceed what traditional human-developed malware typically can do.
Published on: July 25, 2025 | Source:North Korea's IT Worker Rampage Continues Amid DoJ Action
Arrests and indictments keep coming, but the North Korean fake IT worker scheme is only snowballing, and businesses can't afford to assume their applicant-screening processes are up to the task of weeding the imposters out.
Published on: July 25, 2025 | Source:U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker scheme designed to generate illicit revenues for Pyongyang. The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and Kim Se Un, Jo
Published on: July 25, 2025 | Source:US offers $15 million reward for info on North Korean nationals involved in global criminal network
The announcement comes as an Arizona woman was sentenced to more than eight years in jail for her role in running a laptop farm. The post US offers $15 million reward for info on North Korean nationals involved in global criminal network appeared first on CyberScoop.
Published on: July 25, 2025 | Source:Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files
The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. "The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems," Arctic Wolf Labs said
Published on: July 25, 2025 | Source:Why Security Nudges Took Off
Nudges can be powerful β but they are not immune to overuse or misapplication.
Published on: July 25, 2025 | Source:In Other News: $30k Google Cloud Build Flaw, Louis Vuitton Breach Update, Attack Surface Growth
Noteworthy stories that might have slipped under the radar: Google Cloud Build vulnerability earns researcher big bounty, more countries hit by Louis Vuitton data breach, organizationsβ attack surface is increasing. The post In Other News: $30k Google Cloud Build Flaw, Louis Vuitton Breach Update, Attack Surface Growth appeared first on SecurityWeek.
Published on: July 25, 2025 | Source:Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901). "The campaign is aimed at targeting employees of Voronezh Aircraft Production Association (VASO), one
Published on: July 25, 2025 | Source:The Young and the Restless: Young Cybercriminals Raise Concerns
National governments warn that many hacker groups attract young people through a sense of community, fame, or the promise of money and the perception of a lack of risk of prosecution.
Published on: July 25, 2025 | Source:Mitel Patches Critical Flaw in Enterprise Communication Platform
An authentication bypass vulnerability in Mitel MiVoice MX-ONE could allow attackers to access user or admin accounts on the system. The post Mitel Patches Critical Flaw in Enterprise Communication Platform appeared first on SecurityWeek.
Published on: July 25, 2025 | Source:Sophisticated Koske Linux Malware Developed With AI Aid
The Koske Linux malware shows how cybercriminals can use AI for payload development, persistence, and adaptivity. The post Sophisticated Koske Linux Malware Developed With AI Aid appeared first on SecurityWeek.
Published on: July 25, 2025 | Source:Subliminal Learning in AIs
Todayβs freaky LLM behavior: We study subliminal learning, a surprising phenomenon where language models learn traits from model-generated data that is semantically unrelated to those traits. For example, a βstudentβ model learns to prefer owls when trained on sequences of numbers generated by a βteacherβ model that prefers owls. This same phenomenon can transmit misalignment through data that appears completely...
Published on: July 25, 2025 | Source:Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks
Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively. Soco404 "targets both Linux and Windows systems, deploying platform-specific malware," Wiz
Published on: July 25, 2025 | Source:Overcoming Risks from Chinese GenAI Tool Usage
A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which sensitive data was uploaded to platforms hosted in China, raising concerns over compliance, data
Published on: July 25, 2025 | Source:UK Student Sentenced to Prison for Selling Phishing Kits
Ollie Holman was sentenced to prison for selling over 1,000 phishing kits that caused estimated losses of over $134 million. The post UK Student Sentenced to Prison for Selling Phishing Kits appeared first on SecurityWeek.
Published on: July 25, 2025 | Source: