Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote
Published on: February 06, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Basket of Bank Trojans Defraud Citizens of East India
Cheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters.
Published on: February 06, 2025 | Source:Researchers Link DeepSeekβs Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US
DeepSeek has computer code that could send some user login information to China Mobile. The post Researchers Link DeepSeekβs Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US appeared first on SecurityWeek.
Published on: February 05, 2025 | Source:Why Cybersecurity Needs Probability β Not Predictions
While probabilities may be based on subjective information, when used in an objective framework, they demonstrate an effective way to improve the value of hard decisions.
Published on: February 05, 2025 | Source:Lawmakers fear Elon Musk, DOGE not adhering to privacy rules
House members say Muskβs organization is βrunning roughshodβ over security and privacy standards, and senators worry about access to classified information. The post Lawmakers fear Elon Musk, DOGE not adhering to privacy rules appeared first on CyberScoop.
Published on: February 05, 2025 | Source:Abandoned AWS Cloud Storage: A Major Cyberattack Vector
New research highlights how bad actors could abuse deleted AWS S3 buckets to create all sorts of mayhem, including a SolarWinds-style supply chain attack.
Published on: February 05, 2025 | Source:How Agentic AI will be Weaponized for Social Engineering Attacks
With each passing year, social engineering attacks are becoming bigger and bolder thanks to rapid advancements in artificial intelligence. The post How Agentic AI will be Weaponized for Social Engineering Attacks appeared first on SecurityWeek.
Published on: February 05, 2025 | Source:Attackers Target Education Sector, Hijack Microsoft Accounts
A sophisticated cyberattack campaign is targeting organizations that still rely on Active Directory Federation Services (ADFS) for authentication across applications and services.
Published on: February 05, 2025 | Source:Infosec pros: We need CVSS, warts and all
The Common Vulnerability Scoring System has a lot of critics, but experts say itβs still the best unified way to share the severity of cybersecurity flaws. The post Infosec pros: We need CVSS, warts and all appeared first on CyberScoop.
Published on: February 05, 2025 | Source:Hacker Conversations: David Kennedy β an Atypical Typical Hacker
David Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences. The post Hacker Conversations: David Kennedy β an Atypical Typical Hacker appeared first on SecurityWeek.
Published on: February 05, 2025 | Source:Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
Published on: February 05, 2025 | Source:Cybersecurity M&A Roundup: 45 Deals Announced in January 2025
A significant number of cybersecurity-related merger and acquisition (M&A) deals announced in January 2025. The post Cybersecurity M&A Roundup: 45 Deals Announced in January 2025 appeared first on SecurityWeek.
Published on: February 05, 2025 | Source:Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. "Originally sourced from public
Published on: February 05, 2025 | Source:Riot Raises $30 Million for Employee Cybersecurity Solution
Riot has raised $30 million in Series B funding for a platform that helps employees improve their cybersecurity posture. The post Riot Raises $30 Million for Employee Cybersecurity Solution appeared first on SecurityWeek.
Published on: February 05, 2025 | Source:Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks
A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report
Published on: February 05, 2025 | Source:Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms
150 abandoned Amazon S3 buckets could have been leveraged to deliver malware or backdoors to governments and Fortune companies. The post Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms appeared first on SecurityWeek.
Published on: February 05, 2025 | Source:New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code
Published on: February 05, 2025 | Source:On Generative AI Security
Microsoftβs AI Red Team just published βLessons from Red Teaming 100 Generative AI Products.β Their blog post lists βthree takeaways,β but the eight lessons in the report itself are more useful: Understand what the system can do and where it is applied. You donβt have to compute gradients to break an AI system. AI red teaming is not safety benchmarking. Automation can help cover more of the risk landscape. The human...
Published on: February 05, 2025 | Source:Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities
Chrome 133 and Firefox 135 were released with patches for multiple high-severity memory safety vulnerabilities. The post Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Published on: February 05, 2025 | Source:Navigating the Future: Key IT Vulnerability Management TrendsΒ
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams
Published on: February 05, 2025 | Source:Patch or perish: How organizations can master vulnerability management
Donβt wait for a costly breach to provide a painful reminder of the importance of timely software patching
Published on: February 05, 2025 | Source:AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks
A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis. "It allows attackers to control infected systems
Published on: February 05, 2025 | Source:Nigeria Touts Cyber Success, Even as Cybercrime Rises in Africa
Organizations continue to be at high risk from cybercrime in Africa, despite law enforcement takedowns of cybercriminal syndicates in Nigeria and other African nations.
Published on: February 05, 2025 | Source:CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized
Published on: February 05, 2025 | Source:How Are Modern Fraud Groups Using GenAI and Deepfakes?
Fraud groups are using cutting-edge technology to scale their operations to create fake identities and execute fraud campaigns.
Published on: February 04, 2025 | Source:Backline Tackles Enterprise Security Backlogs With AI
The security startup's autonomous security remediation platform uses off-the-shelf large language models (LLMs) to analyze security alerts and apply the fixes.
Published on: February 04, 2025 | Source:Credential Theft Becomes Cybercriminals' Favorite Target
Researchers measured a threefold increase in credential stealing between 2023 and 2024, with more than 11.3 million such thefts last year.
Published on: February 04, 2025 | Source:Ferret Malware Added to 'Contagious Interview' Campaign
Targets are lured into a fake interview process that convinces them to download malware needed for a virtual interview.
Published on: February 04, 2025 | Source:Sophos Completes Acquisition of Secureworks
Sophos has completed its $859 million all-cash acquisition of SecureWorks. The post Sophos Completes Acquisition of Secureworks appeared first on SecurityWeek.
Published on: February 04, 2025 | Source:Cybercriminals Court Traitorous Insiders via Ransom Notes
Ransomware actors are offering individuals millions to turn on their employers and divulge private company information, in a brand-new cybercrime tactic.
Published on: February 04, 2025 | Source:Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud
Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.
Published on: February 04, 2025 | Source:Exploitation of Over 700 Vulnerabilities Came to Light in 2024
The number of vulnerabilities first reported as exploited surged last year amid a decrease in zero-day reports. The post Exploitation of Over 700 Vulnerabilities Came to Light in 2024 appeared first on SecurityWeek.
Published on: February 04, 2025 | Source:Cybersecurity, government experts are aghast at security failures in DOGE takeover
Elon Muskβs takeover of key systems across the federal government is ignoring decades of laws, regulations and procedures, experts told CyberScoop. The post Cybersecurity, government experts are aghast at security failures in DOGE takeover appeared first on CyberScoop.
Published on: February 04, 2025 | Source:CISO Forum Webinar: Defenders on the Frontline β Incident Response and Threat Intel Under the MicroscopeΒ
Join this panel of CISOs and threat-intel professionals for a deep-dive on aligning incident response and threat intelligence with broader business objectives. The post CISO Forum Webinar: Defenders on the Frontline β Incident Response and Threat Intel Under the Microscope appeared first on SecurityWeek.
Published on: February 04, 2025 | Source:Whoβs Behind the Seized Forums βCrackedβ & βNulledβ?
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on...
Published on: February 04, 2025 | Source: