Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXChina Exploited New VMware Bug for Nearly a Year
A seemingly benign privilege-escalation process in VMware and other software has likely benefited attackers and other malware strains for years, researchers noted.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid
New $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid
DOJ, Georgia Tech affiliate company settle over alleged failure to meet DOD contract cyber requirements
The company agreed to pay $875,000, with neither side conceding to the other as part of resolving the suit. The post DOJ, Georgia Tech affiliate company settle over alleged failure to meet DOD contract cyber requirements appeared first on CyberScoop.
Watchdog: Cyber threat information-sharing programβs future uncertain with expected expiration of 2015 law
A DHS inspector general report found that CISA doesnβt have plans for what to do with AIS if the Cybersecurity Information Sharing Act lapses. The post Watchdog: Cyber threat information-sharing programβs future uncertain with expected expiration of 2015 law appeared first on CyberScoop.
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. "Phantom Taurus' main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations," Palo Alto Networks Unit 42
Anthropic touts safety, security improvements in Claude Sonnet 4.5
Even with all the testing, the company said in its released research that the model tightened up once it was βawareβ it was being evaluated. The post Anthropic touts safety, security improvements in Claude Sonnet 4.5 appeared first on CyberScoop.
Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results
Researchers found more methods for tricking an AI assistant into aiding sensitive data theft. The post Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results appeared first on SecurityWeek.
Can Shadow AI Risks Be Stopped?
Agentic AI has introduced abundant shadow artificial intelligence (AI) risks. Cybersecurity startup Entro Security extends its platform to help enterprises combat the growing issue.
Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. "They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud
Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake
Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake. In addition, the tech giant said it's also releasing a public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server to turn telemetry into a security graph and allow AI
Mondoo Raises $17.5 Million for Vulnerability Management Platform
Mondoo has raised more than $32 million in total, with the latest funding round led by HV Capital. The post Mondoo Raises $17.5 Million for Vulnerability Management Platform appeared first on SecurityWeek.
New Guidance Calls on OT Operators to Create Continually Updated System Inventory
Agencies in several countries have created guidance titled βCreating and Maintaining a Definitive View of Your OT Architectureβ. The post New Guidance Calls on OT Operators to Create Continually Updated System Inventory appeared first on SecurityWeek.
California Gov. Gavin Newsom Signs Bill Creating AI Safety Measures
The Transparency in Frontier Artificial Intelligence Act (TFAIA) requires AI companies to implement and disclose publicly safety protocols to prevent their most advanced models from being used to cause major harm. The post California Gov. Gavin Newsom Signs Bill Creating AI Safety Measures appeared first on SecurityWeek.
Stop Alert Chaos: Context Is the Key to Effective Incident Response
The Problem: Legacy SOCs and Endless Alert Noise Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies. The problem is not just volume; it is the model itself. Traditional SOCs start with rules, wait for alerts to fire,
Details of a Scam
Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Hereβs an almost: Then he added, βHere at Chase, weβll never ask for your personal information or passwords.β On the contrary, he gave me more informationβtwo βcancellation codesβ and a long case number with four letters and 10 digits. Thatβs when he offered to transfer me to his supervisor. That simple phrase, familiar from...
Webinar Today: AI and the Trust Dilemma: Balancing Innovation and Risk
Webinar: How do you embrace AIβs potential while defending against its threats? The post Webinar Today: AI and the Trust Dilemma: Balancing Innovation and Risk appeared first on SecurityWeek.
Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024
A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privilege escalation bug affecting the following versions - VMware Cloud Foundation 4.x and 5.x VMware
Apple Updates iOS and macOS to Prevent Malicious Font Attacks
The vulnerability could lead to a denial-of-service condition or memory corruption when a malicious font is processed. The post Apple Updates iOS and macOS to Prevent Malicious Font Attacks appeared first on SecurityWeek.
'Trifecta' of Google Gemini Flaws Turn AI Into Attack Vehicle
Flaws in individual models of Google's AI suite created significant security and privacy risks for users, demonstrating the need for heightened defenses.
Cyberattack on Beer Giant Asahi Disrupts ProductionΒ
The incident has resulted in a system failure that impacted orders and shipments in Japan, and call center operations. The post Cyberattack on Beer Giant Asahi Disrupts Production appeared first on SecurityWeek.
New Android Trojan βDatzbroβ Tricking Elderly with AI-Generated Facebook Travel Events
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly. Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting "active senior
Evolving Enterprise Defense to Secure the Modern AI Supply Chain
The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and development to finance and HR. This transformation unlocks innovation and efficiency, but it also
U.K. Police Just Seized Β£5.5 Billion in Bitcoin β The Worldβs Largest Crypto Bust
A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated 5.5 billion (about $7.39 billion) during a raid of her home in London. The cryptocurrency seizure, amounting to 61,000 Bitcoin, is believed to be the single largest such effort in the world, the Metropolitan Police said. Zhimin Qian (aka Yadi Zhang),
AI-Powered Voice Cloning Raises Vishing Risks
A researcher-developed framework could enable attackers to conduct real-time conversations using simulated audio to compromise organizations and extract sensitive information.
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to
IoT Security Flounders Amid Churning Risk
The Internet of Things (IoT) has made everything more interconnected, but an important US government security initiative is stuck in limbo while threat actors step up attacks on everything from medical gear to printers.
Sneaky, Malicious MCP Server Exfiltrates Secrets via BCC
The first known malicious MCP server is an AI integration tool that automatically sends email such as those related to password resets, account confirmations, security alerts, invoices, and receipts to threat actors.
Two-thirds of CISA personnel could be sent home under shutdown
A DHS plan estimates that it would keep nearly 900 CISA workers on the job during a lapse in federal funding. The post Two-thirds of CISA personnel could be sent home under shutdown appeared first on CyberScoop.
Akira Hits SonicWall VPNs in Broad Ransomware Campaign
Akira ransomware actors are currently targeting SonicWall firewall customers vulnerable to a bug discovered last year.
Interpol operation disrupts romance scam and sextortion networks in Africa
Authorities arrested 260 cybercrime suspects during a two-week operation spanning 14 African countries, Interpol announced Friday. The globally coordinated summertime crackdown dubbed βOperation Contender 3.0β targeted criminal networks that facilitated romance scams and sextortion, officials said. Interpol said total losses attributed to the scam syndicates amounted to about $2.8 million, involving almost 1,500...
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide. According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.
Ukrainian Cops Spoofed in Fileless Phishing Attacks on Kyiv
Attackers impersonate the National Police of Ukraine to deploy Amatera Stealer and PureMiner, using malicious Scalable Vector Graphics to trick victims.
β‘ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More
Cybersecurity never stopsβand neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this weekβs roundup gives you the biggest security moves to know. Whether youβre protecting key systems or locking down cloud apps, these are the updates you need before making your next security
The State of AI in the SOC 2025 - Insights from Recent StudyΒ
Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can