Stay Updated with the Latest Tech News


Get ahead of the curve with the latest insights, trends, and analysis in the tech world.


USPS Impersonators Tap Trust in PDFs in Smishing Attack Wave

Attackers aim to steal people's personal and payment-card data in the campaign, which dangles the threat of an undelivered package and has the potential to reach organizations in more than 50 countries.

Published on: January 27, 2025 | Source: Dark Reading

Crisis Simulations: A Top 2025 Concern for CISOs

CISOs are planning to adjust their budgets this year to reflect their growing concerns for cybersecurity preparedness in the event of a cyberattack.

Published on: January 27, 2025 | Source: Dark Reading

DeepSeek AI claims services are facing ‘large-scale malicious attacks’

As its low-cost AI model receives accolades, the Chinese company says ongoing attacks on its services are making it harder for new users to sign up.

Published on: January 27, 2025 | Source: CyberScoop

TalkTalk Confirms Data Breach, Downplays Impact

UK telecoms firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about hacking it.

Published on: January 27, 2025 | Source: SecurityWeek

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity

Vulnerabilities in LTE/5G core infrastructure, some remotely exploitable, could lead to persistent denial-of-service to entire cities.

Published on: January 27, 2025 | Source: SecurityWeek

Cyber Insights 2025: Cybersecurity Regulatory Mayhem

Cybersecurity regulations are facing a tipping point. There are too many and they are too complex to manage – and it’s getting worse.

Published on: January 27, 2025 | Source: SecurityWeek

Open-source security spat leads companies to join forces for new tool

A company’s licensing change to a static analysis tool has forced 10 companies together to create Opengrep.

Published on: January 27, 2025 | Source: CyberScoop

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST

Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a genuinely open-source SAST tool.

Published on: January 27, 2025 | Source: SecurityWeek

The Case for Proactive, Scalable Data Protection

Whether you're facing growing data demands and increased cyber threats, or simply looking to future-proof your business, it's time to consider the long-term benefits of transitioning to a cloud-first infrastructure.

Published on: January 27, 2025 | Source: Dark Reading

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws

Published on: January 27, 2025 | Source: The Hacker News

Building Automation Protocols Increasingly Targeted in OT Attacks: Report

Industrial automation protocols continue to be the most targeted in OT attacks, but building automation systems have been increasingly targeted.

Published on: January 27, 2025 | Source: SecurityWeek

Git Vulnerabilities Led to Credentials Exposure

Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials.

Published on: January 27, 2025 | Source: SecurityWeek

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]

Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention. As we unpack these complex topics, we'll equip you with sharp insights to

Published on: January 27, 2025 | Source: The Hacker News

New VPN Backdoor

A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what’s known in the business as a “magic packet.” On...

Published on: January 27, 2025 | Source: Schneier on Security

Change Healthcare Data Breach Impact Grows to 190 Million Individuals

The impact of the Change Healthcare ransomware-caused data breach has increased from 100 million to 190 million individuals.

Published on: January 27, 2025 | Source: SecurityWeek

Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents an emerging

Published on: January 27, 2025 | Source: The Hacker News

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.

Published on: January 27, 2025 | Source: The Hacker News

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"

Published on: January 27, 2025 | Source: The Hacker News

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a

Published on: January 26, 2025 | Source: The Hacker News

CISOs Are Gaining C-Suite Swagger, but Has It Come With a Cost?

The number of CISOs who report directly to the CEO is up sharply in recent years, but many still say it's not enough to secure adequate resources.

Published on: January 24, 2025 | Source: Dark Reading

Friday Squid Blogging: Beaked Whales Feed on Squid

A Travers’ beaked whale (Mesoplodon traversii) washed ashore in New Zealand, and scientists concluded that “the prevalence of squid remains [in its stomachs] suggests that these deep-sea cephalopods form a significant part of the whale’s diet, similar to other beaked whale species.”

Published on: January 24, 2025 | Source: Schneier on Security

DoJ Busts Up Another Multinational DPRK IT Worker Scam

A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.

Published on: January 24, 2025 | Source: Dark Reading

MITRE's Latest ATT&CK Simulations Tackle Cloud Defenses

The MITRE framework's applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.

Published on: January 24, 2025 | Source: Dark Reading

Cisco: Critical Meeting Management Bug Requires Urgent Patch

The bug has been given a 9.9 CVSS score, and could allow authenticated threat actors to escalate their privileges to admin-level if exploited.

Published on: January 24, 2025 | Source: Dark Reading

3 Use Cases for Third-Party API Security

Third-party API security requires a tailored approach for different scenarios. Learn how to adapt your security strategy to outbound data flows, inbound traffic, and SaaS-to-SaaS interconnections.

Published on: January 24, 2025 | Source: Dark Reading

Strengthening Our National Security in the AI Era

For the first time in a long while, the federal government and the software sector alike finally have the tools and resources needed to do security well – consistently and cost-effectively.

Published on: January 24, 2025 | Source: Dark Reading

Subaru Starlink Vulnerability Exposed Cars to Remote Hacking

A vulnerability in Subaru’s Starlink connected vehicle service exposed US, Canada, and Japan vehicle and customer accounts.

Published on: January 24, 2025 | Source: SecurityWeek

North Korean Fake IT Workers More Aggressively Extorting Enterprises

North Korean fake IT workers are more aggressively extorting their employers in response to law enforcement actions.

Published on: January 24, 2025 | Source: SecurityWeek

In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies

Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies.

Published on: January 24, 2025 | Source: SecurityWeek

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,

Published on: January 24, 2025 | Source: The Hacker News

US Charges Five People Over North Korean IT Worker Scheme

The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to North Korea.

Published on: January 24, 2025 | Source: SecurityWeek

CISA Warns of Old jQuery Vulnerability Linked to Chinese APT

CISA has added the jQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog.

Published on: January 24, 2025 | Source: SecurityWeek

Millions Impacted by PowerSchool Data Breach

Four decades of student and educator information was stolen from PowerSchool – tens of millions are potentially affected.

Published on: January 24, 2025 | Source: SecurityWeek

Cyber Insights 2025: Social Engineering Gets AI Wings

Business resilience must be the ultimate purpose of all the security controls and processes we employ, because we will never conclusively defeat or protect ourselves from social engineering.

Published on: January 24, 2025 | Source: SecurityWeek

Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment Exploits

Pwn2Own Automotive 2025 has come to an end and participants have earned a total of $886,000 for exploits targeting EV chargers and infotainment systems.

Published on: January 24, 2025 | Source: SecurityWeek