Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXThreatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
Welcome to this week’s Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The digital threat landscape never stands still. One week it’s a critical zero-day, the next it’s a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you’re protecting a
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
ThreatsDay Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
Welcome to this week’s Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The digital threat landscape never stands still. One week it’s a critical zero-day, the next it’s a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you’re protecting a
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility. "Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade," Infoblox said in a technical report
Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules
DOGE is “bypassing cybersecurity protections” at three agencies, Senate Homeland Security and Governmental Affairs Committee Democrats concluded. The post Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules appeared first on CyberScoop.
Salesforce AI Hack Enabled CRM Data Theft
Prompt injection has been leveraged alongside an expired domain to steal Salesforce data in an attack named ForcedLeak. The post Salesforce AI Hack Enabled CRM Data Theft appeared first on SecurityWeek.
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection. The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security,
Cisco uncovers new SNMP vulnerability used in attacks on IOS devices
Cisco Systems has issued security updates to address a critical vulnerability in its widely deployed IOS and IOS XE network operating systems, after confirming the flaw is being exploited in active attacks. Designated CVE-2025-20352, the vulnerability resides in the Simple Network Management Protocol (SNMP) subsystem of Cisco’s core network software. According to Cisco, the weakness […] The post Cisco uncovers new SNMP...
PyPI Warns Users of Fresh Phishing Campaign
Threat actors impersonating PyPI ask users to verify their email for security purposes, directing them to fake websites. The post PyPI Warns Users of Fresh Phishing Campaign appeared first on SecurityWeek.
How Cloud Service Disruptions Are Making Resilience Critical for Developers
Outages affecting DevOps tools threaten to leave developers coding like it's 1999. How serious is the threat — and what can companies do?
Contain or be contained: The security imperative of controlling autonomous AI
The most secure and resilient AI systems will be those with minimal direct human interaction, the CEO of Owl Cyber Defense argues. The post Contain or be contained: The security imperative of controlling autonomous AI appeared first on CyberScoop.
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows,
Chinese Cyberspies Hacked US Defense Contractors
RedNovember has been targeting government, defense and aerospace, and legal services organizations worldwide. The post Chinese Cyberspies Hacked US Defense Contractors appeared first on SecurityWeek.
Perspective: Why Politics in the Workplace is a Cybersecurity Risk
Bringing politics into professional spaces undermines decision-making, collaboration, and ultimately weakens security teams. The post Perspective: Why Politics in the Workplace is a Cybersecurity Risk appeared first on SecurityWeek.
CTEM's Core: Prioritization and Validation
Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why? It’s not because security teams can't see enough. Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that. Investigate this. It's a tsunami of red dots that not even the most crackerjack team on
Chinese Hackers Lurked Nearly 400 Days in Networks With Stealthy BrickStorm Malware
Google’s Threat Intelligence Group and Mandiant link the BrickStorm campaign to UNC5221, warning that hackers are analyzing stolen code to weaponize zero-day vulnerabilities. The post Chinese Hackers Lurked Nearly 400 Days in Networks With Stealthy BrickStorm Malware appeared first on SecurityWeek.
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds
The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most
CSA Unveils SaaS Security Controls Framework to Ease Complexity
New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence. The post CSA Unveils SaaS Security Controls Framework to Ease Complexity appeared first on SecurityWeek.
Volvo Group Employee Data Stolen in Ransomware Attack
The Miljödata data breach has impacted numerous organizations, education institutions, and Swedish municipalities. The post Volvo Group Employee Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Cisco Patches Zero-Day Flaw Affecting Routers and Switches
The security defect allows remote attackers with administrative privileges to execute arbitrary code as the root user. The post Cisco Patches Zero-Day Flaw Affecting Routers and Switches appeared first on SecurityWeek.
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code. The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances. The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it "after local Administrator credentials were
CISA: Attackers Breach Federal Agency via Critical GeoServer Flaw
Threat actors exploited CVE-2024-36401 less than two weeks after it was initially disclosed and used it to gain access to a large federal civilian executive branch (FCEB) agency that uses the geospatial mapping data.
The Fall of Scattered Spider? Teen Member Surrenders Amid Group's Shutdown Claims
The cybercrime group continues to gain attention despite its apparent shutdown last week.
Russia Targets Moldovan Election in Disinformation Play
Researchers have tracked a Russian disinformation campaign against upcoming Moldovan elections, linking it to a previous campaign that began in 2022.
Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor. Recorded Future, which was tracking the activity under the moniker TAG-100, has now graduated it to a hacking group dubbed RedNovember.
UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM. The activity, attributed to UNC5221 and closely related, suspected China-nexus threat clusters, is designed to facilitate
Teen arrested in UK was a core figure in Scattered Spider’s operations
Researchers said Thalha Jubair was a principal operator, leading or directing many attacks attributed to the hacker subset of The Com since 2022. The post Teen arrested in UK was a core figure in Scattered Spider’s operations appeared first on CyberScoop.
Hackers Target Casino Operator Boyd Gaming
Boyd Gaming has informed the SEC about a data breach affecting the information of employees and other individuals. The post Hackers Target Casino Operator Boyd Gaming appeared first on SecurityWeek.
Brickstorm malware powering ‘next-level’ Chinese cyberespionage campaign
The researchers who uncovered the “very, very advanced adversary” behind the malware said it could be a big problem years into the future. The post Brickstorm malware powering ‘next-level’ Chinese cyberespionage campaign appeared first on CyberScoop.
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks. The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below - CVE-2025-10643 (CVSS score: 9.1) - An authentication bypass vulnerability that
Threat Actor Deploys 'OVERSTEP' Backdoor in Ongoing SonicWall SMA Attacks
Hackers tracked as UNC6148 are attacking SonicWall security devices by installing hidden software, allowing them to control systems, steal passwords, and hide their activities.
European Airport Cyberattack Linked to Obscure Ransomware, Suspect Arrested
Cybersecurity researchers believe the attack on Collins Aerospace involved a piece of ransomware known as HardBit. The post European Airport Cyberattack Linked to Obscure Ransomware, Suspect Arrested appeared first on SecurityWeek.
How One Bad Password Ended a 158-Year-Old Business
Most businesses don't make it past their fifth birthday - studies show thatroughly 50% of small businesses fail within the first five years. So whenKNP Logistics Group (formerly Knights of Old) celebrated more than a century and a half of operations, it had mastered the art of survival. For 158 years, KNP adapted and endured, building a transport business that operated 500 trucks
Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms
U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K....
New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus
Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus. "The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and IcedID during attacks," Zscaler ThreatLabz said in a Tuesday report. "YiBackdoor is able to execute