Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
OAuth Flaw Exposed Millions of Airline Users to Account Takeovers
The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.
Published on: January 28, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Phishing Campaign Baits Hook With Malicious Amazon PDFs
In their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have been yet submitted to VirusTotal.
Published on: January 28, 2025 | Source:VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer
VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access. The post VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer appeared first on SecurityWeek.
Published on: January 28, 2025 | Source:Super Bowl LIX Could Be a Magnet for Cyberattacks
Concerns include everything from ransomware, malware, and phishing attacks on the game's infrastructure to those targeting event sponsors and fans.
Published on: January 28, 2025 | Source:Lawsuit claims systems behind OPM governmentwide email blast are illegal, insecure
A pair of whistleblowers believe the office skirted the law by not conducting a privacy impact assessment for an alleged βon-premβ server used to send mass emails to federal employees and store information from responses. The post Lawsuit claims systems behind OPM governmentwide email blast are illegal, insecure appeared first on CyberScoop.
Published on: January 28, 2025 | Source:National security risks in routers, modems targeted in bipartisan Senate bill
A separate piece of bipartisan Senate legislation would create a cyber insurance working group. The post National security risks in routers, modems targeted in bipartisan Senate bill appeared first on CyberScoop.
Published on: January 28, 2025 | Source:Data Privacy Day 2025: Time for Data Destruction to Become Standard Business Practice
Compliance standards are mandating better data security. There are several ways to do this, but most organizations would admit that erasure is not one of them.
Published on: January 28, 2025 | Source:PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so
Published on: January 28, 2025 | Source:Reporting a Breach or Vuln? Be Sure Your Lawyer's on Call
Globally, security researchers and whistleblowers face increasingly hostile laws and judiciaries that are ready to levy fines and prison sentences.
Published on: January 28, 2025 | Source:Eclypsium Eyes Global Expansion with $45 Million Series C Investment
The investment includes equity and debt from new investors Qualcomm Ventures, Pavilion Capital, Singtel Innov8, and Sixty Degree Capital. The post Eclypsium Eyes Global Expansion with $45 Million Series C Investment appeared first on SecurityWeek.
Published on: January 28, 2025 | Source:Appleβs latest patch closes zero-day affecting wide swath of products
The zero-day impacts Appleβs framework that manages audio and video playback. The post Appleβs latest patch closes zero-day affecting wide swath of products appeared first on CyberScoop.
Published on: January 28, 2025 | Source:Cryptographic Agility's Legislative Possibilities & Business Benefits
Quantum computing will bring new security risks. Both professionals and legislators need to use this time to prepare.
Published on: January 28, 2025 | Source:OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking
Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any userβs account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf β including
Published on: January 28, 2025 | Source:Hackers Drain Over $85 Million From Crypto Exchange Phemex
Hackers stole more than $85 million in crypto assets from hot wallets at cryptocurrency exchange Phemex. The post Hackers Drain Over $85 Million From Crypto Exchange Phemex appeared first on SecurityWeek.
Published on: January 28, 2025 | Source:NinjaOne to Acquire Dropsuite for $252 Million
Endpoint management and security firm NinjaOne to acquire cloud data backup, archiving, and recovery solutions provider Dropsuite for $252 million. The post NinjaOne to Acquire Dropsuite for $252 Million appeared first on SecurityWeek.
Published on: January 28, 2025 | Source:European Union Sanctions Russian Nationals for Hacking Estonia
The European Union has added three Russian nationals to its sanctions list for their involvement in cyberattacks against Estonia. The post European Union Sanctions Russian Nationals for Hacking Estonia appeared first on SecurityWeek.
Published on: January 28, 2025 | Source:DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge
Chinaβs DeepSeek blamed sign-up disruptions on a cyberattack as researchers started finding vulnerabilities in the R1 AI model. The post DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge appeared first on SecurityWeek.
Published on: January 28, 2025 | Source:CISA Under Trump
Jen Easterly is out as the Director of CISA. Read her final interview: Thereβs a lot of unfinished business. We have made an impact through our ransomware vulnerability warning pilot and our pre-ransomware notification initiative, and Iβm really proud of that, because we work on preventing somebody from having their worst day. But ransomware is still a problem. We have been laser-focused on PRC cyber actors. That will...
Published on: January 28, 2025 | Source:ENGlobal Says Personal Information Accessed in Ransomware Attack
ENGlobal has informed the SEC that personal information was compromised in a November 2024 ransomware attack. The post ENGlobal Says Personal Information Accessed in Ransomware Attack appeared first on SecurityWeek.
Published on: January 28, 2025 | Source:Actively Exploited Fortinet Zero-Day Gives Attackers Super-Admin Privileges
The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.
Published on: January 28, 2025 | Source:SonicWall Confirms Exploitation of New SMA Zero-Day
SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild. The post SonicWall Confirms Exploitation of New SMA Zero-Day appeared first on SecurityWeek.
Published on: January 28, 2025 | Source:AI SOC Analysts: Propelling SecOps into the future
Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses. Security
Published on: January 28, 2025 | Source:Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations
Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. "ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia
Published on: January 28, 2025 | Source:Apple Patches First Exploited iOS Zero-Day of 2025
Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks. The post Apple Patches First Exploited iOS Zero-Day of 2025 appeared first on SecurityWeek.
Published on: January 28, 2025 | Source:How Long Does It Take Hackers to Crack Modern Hashing Algorithms?
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them
Published on: January 28, 2025 | Source:E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estoniaβs Key Ministries
The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia. The three Russian nationals β Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov β are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said. Per the council decision, all the
Published on: January 28, 2025 | Source:Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks
DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log in
Published on: January 28, 2025 | Source:Going (for) broke: 6 common online betting scams and how to avoid them
Donβt roll the dice on your online safety β watch out for bogus sports betting apps and other traps commonly set by scammers
Published on: January 28, 2025 | Source:Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More
Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability,tracked as CVE-2025-24085 (CVSS scores: 7.3/7.8), has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to
Published on: January 28, 2025 | Source:A Tumultuous Week for Federal Cybersecurity Efforts
President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation's cybersecurity posture. The president fired all advisors from the Department of Homeland Security's Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided a Biden administration action that sought to reduce the risks that artificial...
Published on: January 28, 2025 | Source:For $50, Cyberattackers Can Use GhostGPT to Write Malicious Code
Malware writing is only one of several malicious activities for which the new, uncensored generative AI chatbot can be used.
Published on: January 27, 2025 | Source:Apple Patches Actively Exploited Zero-Day Vulnerability
The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.
Published on: January 27, 2025 | Source:Spectral Capital Files Quantum Cybersecurity Patent
Published on: January 27, 2025 | Source:
Change Healthcare Breach Impact Doubles to 190M People
One of the largest data breaches in history was apparently twice as impactful as previously thought, with PII belonging to hundreds of millions of people sitting in the hands of cybercriminals.
Published on: January 27, 2025 | Source: