Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Android security update includes patch for actively exploited vulnerabilityΒ
The monthly update closes 47 security vulnerabilities in total. The post Android security update includes patch for actively exploited vulnerability appeared first on CyberScoop.
Published on: February 04, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Managing Software Risk in a World of Exploding Vulnerabilities
Organizations and development teams need to evolve from "being prepared" to "managing the risk" of security breaches.
Published on: February 04, 2025 | Source:Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to
Published on: February 04, 2025 | Source:Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights
Left unchecked, AI's energy and carbon footprint could become a significant concern. Can our AI systems be far less energy-hungry without sacrificing performance?
Published on: February 04, 2025 | Source:AMD Patches CPU Vulnerability That Could Break Confidential Computing Protections
AMD has released patches for a microprocessor vulnerability found by Google that could allow an attacker to load malicious microcode. The post AMD Patches CPU Vulnerability That Could Break Confidential Computing Protections appeared first on SecurityWeek.
Published on: February 04, 2025 | Source:Personal Information Compromised in GrubHub Data Breach
Food delivery firm GrubHub has disclosed a data breach impacting the personal information of drivers and customers. The post Personal Information Compromised in GrubHub Data Breach appeared first on SecurityWeek.
Published on: February 04, 2025 | Source:Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. "The vulnerability was
Published on: February 04, 2025 | Source:North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or
Published on: February 04, 2025 | Source:Deepfakes and the 2024 US Election
Interesting analysis: We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project (source for our analysis), which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide. In each case, we identified what AI was used for and estimated the cost of creating similar content without AI. We find that (1) half of AI use isnβt deceptive, (2)...
Published on: February 04, 2025 | Source:Cyber Insights 2025: The CISO Outlook
There has never been a single job description for the CISO β the role depends upon each company, its maturity, its size and resources, and the risk tolerance of boards. The post Cyber Insights 2025: The CISO Outlook appeared first on SecurityWeek.
Published on: February 04, 2025 | Source:Developers Targeted With Malware Disguised as DeepSeek Package
Python developers looking to integrate DeepSeek into their projects were targeted with malicious packages delivered through PyPI. The post Developers Targeted With Malware Disguised as DeepSeek Package appeared first on SecurityWeek.
Published on: February 04, 2025 | Source:Contec Patient Monitors Not Malicious, but Still Pose Big Risk to Healthcare
The Contec CMS8000 patient monitors do not contain a malicious backdoor but are plagued by an insecure and vulnerable design. The post Contec Patient Monitors Not Malicious, but Still Pose Big Risk to Healthcare appeared first on SecurityWeek.
Published on: February 04, 2025 | Source:Watch Out For These 8 Cloud Security Shifts in 2025
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Letβs take a
Published on: February 04, 2025 | Source:Hereβs all the ways an abandoned cloud instance can cause security issues
Research released Tuesday by watchTowr shows how easy an old storage bucket can be repurposed by malicious attackers. The post Hereβs all the ways an abandoned cloud instance can cause security issues appeared first on CyberScoop.
Published on: February 04, 2025 | Source:Vulnerability Patched in Android Possibly Exploited by Forensic Tools
The February 2025 Android patches resolve 46 vulnerabilities, including a Linux kernel bug that has been exploited in the wild. The post Vulnerability Patched in Android Possibly Exploited by Forensic Tools appeared first on SecurityWeek.
Published on: February 04, 2025 | Source:Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence (AI) platform, citing security risks. "Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan's Ministry of Digital Affairs, per Radio Free Asia. "DeepSeek
Published on: February 04, 2025 | Source:AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local
Published on: February 04, 2025 | Source:Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service
Published on: February 04, 2025 | Source:Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. Successful exploitation of the flaw could lead
Published on: February 04, 2025 | Source:Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf
Published on: February 04, 2025 | Source:DNSFilter's Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests
Published on: February 03, 2025 | Source:
Interactive Online Training for Cybersecurity Professionals; Earn CPE Credits
Published on: February 03, 2025 | Source:
'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks
Anthropic says its Constitutional Classifiers approach offers a practical way to make it harder for bad actors to try and coerce an AI model off its guardrails.
Published on: February 03, 2025 | Source:Name That Edge Toon: In the Cloud
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Published on: February 03, 2025 | Source:Microsoft Sets End Date for Defender VPN
Though Windows, iOS, and macOS users won't need to make any changes, Android users are advised to remove their Defender VPN profiles.
Published on: February 03, 2025 | Source:AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi
Adversaries looking to ride the DeepSeek interest wave are taking advantage of developers in a rush to deploy the new technology, by using AI-generated malware against them.
Published on: February 03, 2025 | Source:Ransomware Groups Weathered Raids, Profited in 2024
Cybercriminals posted nearly 6,000 breaches to data-leak sites last yearβ and despite significant takedowns, they continued to thrive in a record-breaking year for ransomware.
Published on: February 03, 2025 | Source:XE Group Cybercrime Gang Moves from Credit Card Skimming to Zero-Day Exploits
Vietnamese cybercrime gang shifts from credit card-skimming to exploiting at least two zero-day vulnerabilities enterprise software product. The post XE Group Cybercrime Gang Moves from Credit Card Skimming to Zero-Day Exploits appeared first on SecurityWeek.
Published on: February 03, 2025 | Source:1-Click Phishing Campaign Targets High-Profile X Accounts
In an attack vector that's been used before, threat actors aim to commit crypto fraud by hijacking highly followed users, thus reaching a broad audience of secondary victims.
Published on: February 03, 2025 | Source:Proactive Vulnerability Management for Engineering Success
By integrating security into CI/CD, applying automated policies, and supporting developers with the right processes and tools, infosec teams can increase efficiency and build secure software.
Published on: February 03, 2025 | Source:Cyber Insights 2025: Quantum and the Threat to Encryption
2025 is an important year β it is probably our last chance to start our migration to post quantum cryptography before we are all undone by cryptographically relevant quantum computers. The post Cyber Insights 2025: Quantum and the Threat to Encryption appeared first on SecurityWeek.
Published on: February 03, 2025 | Source:768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before
Published on: February 03, 2025 | Source:From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts
The Vietnam-based group has grown more sophisticated since 2013, new research shows. The post From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts appeared first on CyberScoop.
Published on: February 03, 2025 | Source:PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said. In doing so, the idea is to
Published on: February 03, 2025 | Source:Casio Website Infected With SkimmerΒ
A threat actor has infected Casio UKβs website with a web skimmer on all pages, except the typical checkout page. The post Casio Website Infected With Skimmer appeared first on SecurityWeek.
Published on: February 03, 2025 | Source: