Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXVMware Patches High-Risk Flaws in Oft-Targeted Aria Operations Products
VMWare calls attention to patches for multiple 'high-risk' security defects in its Aria Operations and Aria Operations for Logs products. The post VMware Patches High-Risk Flaws in Oft-Targeted Aria Operations Products appeared first on SecurityWeek.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Conifers.ai Scores $25M Investment for Agentic AI SOC Technology
Backed by SYN Ventures, Conifers.ai plans to use βagentic AIβ technology to tackle complex security operations center (SOC) problems. The post Conifers.ai Scores $25M Investment for Agentic AI SOC Technology appeared first on SecurityWeek.
House bill aims to better protect financial institutions from ransomware attacks
The bipartisan legislation would direct the Treasury secretary to deliver a report on public-private coordination to combat attacks on the financial sector. The post House bill aims to better protect financial institutions from ransomware attacks appeared first on CyberScoop.
Taming Shadow AI:Β Valence Security, Endor Labs Unveil New Protections to Counter Hidden AI Threats
Valence Security and Endor Labs have introduced extensions to their existing platforms specifically to tackle the invisibility and wrongful use of Shadow AI. The post Taming Shadow AI:Valence Security, Endor Labs Unveil New Protections to Counter Hidden AI Threats appeared first on SecurityWeek.
Wiz researchers find sensitive DeepSeek data exposed to internet
Experts for the cloud security firm pulled sensitive data from the service with simple SQL queries. The post Wiz researchers find sensitive DeepSeek data exposed to internet appeared first on CyberScoop.
DARPA wants to create βself-healingβ firmware that can respond and recover from cyberattacksΒ
The agencyβs Red-C program seeks to build new defenses into bus-based computer systems. The post DARPA wants to create βself-healingβ firmware that can respond and recover from cyberattacks appeared first on CyberScoop.
Backline Emerges From Stealth With $9M in Funding for Vulnerability Remediation Platform
Backline has emerged from stealth mode with an autonomous security remediation platform and $9 million in seed funding. The post Backline Emerges From Stealth With $9M in Funding for Vulnerability Remediation Platform appeared first on SecurityWeek.
Infrastructure Laundering: Blending in with the Cloud
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit -- a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" -- highlights a persistent whac-a-mole problem facing cloud services.
Cyber Insights 2025: Cyberinsurance β The Debate Continues
Better risk management could lead to reduced premiums on top of value for money, making cyberinsurance a silent driver for improved cybersecurity. The post Cyber Insights 2025: Cyberinsurance β The Debate Continues appeared first on SecurityWeek.
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations. "Threat actors are experimenting with Gemini to enable their operations, finding productivity gains but not yet developing novel capabilities," Google Threat
Seraphic Attracts $29M Investment to Chase Enterprise Browser Business
Seraphic Security banks $29 million investment as VCs remain bullish on startups with security-themed browsers for corporate defenders. The post Seraphic Attracts $29M Investment to Chase Enterprise Browser Business appeared first on SecurityWeek.
New Jailbreaks Allow Users to Manipulate GitHub Copilot
Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to.
Automated Pen Testing Is Improving β Slowly
The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications.
US Cyber Agencyβs Future Role in Elections Remains Murky Under the Trump Administration
President Donald Trump has yet to name anyone to lead the U.S. Cybersecurity and Infrastructure Security. The post US Cyber Agencyβs Future Role in Elections Remains Murky Under the Trump Administration appeared first on SecurityWeek.
Exposure Management Provider CYE Acquires Solvo
The addition of Solvo CSPM to CYE Hyver aims to address the need for multicloud vulnerability monitoring and risk assessment.
Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown
An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort, which took place between January 28 and 30, 2025, targeted the following domains - www.cracked.io www.nulled.to www.mysellix.io www.sellix.io www.starkrdp.io Visitors to these websites are now greeted by a
TeamViewer Patches High-Severity Vulnerability in Windows Applications
TeamViewer has released patches for a high-severity elevation of privilege vulnerability in its client and host applications for Windows. The post TeamViewer Patches High-Severity Vulnerability in Windows Applications appeared first on SecurityWeek.
Nulled, Other Cybercrime Websites Seized by Law Enforcement
Several cybercrime websites have been seized in a law enforcement operation, including Nulled, Cracked, Sellix, and StarkRDP. The post Nulled, Other Cybercrime Websites Seized by Law Enforcement appeared first on SecurityWeek.
Fake Reddit and WeTransfer Sites are Pushing Malware
There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimicks the interface of the popular file-sharing service. The βDownloadβ button leads to the Lumma Stealer payload hosted on βweighcobbweo[.]top.β Boingboing post.
Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in
Lightning AI Studio Vulnerability Allowed RCE via Hidden URL Parameter
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in a
This month in security with Tony Anscombe β January 2025 edition
DeepSeekβs bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy
SOC Analysts - Reimagining Their Role Using AI
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alertsβoften false positivesβjust to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher Gal
Untrustworthy AI: How to deal with data poisoning
You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output β even dangerously so
Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The
Fake Videos of Former First Lady Scam Namibians
Amateurish financial scams are common across Africa, and Namibia's influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages.
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor
PrintNightmare Aftermath: Windows Print Spooler Is Better. What's Next?
While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.
Researchers Uncover Lazarus Group Admin Layer for C2 Servers
The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command-and-control servers from Pyongyang.
FBI seizes major cybercrime forums in coordinated domain takedown
The domains for Cracked and Nulled now redirect to FBI-controlled servers. The post FBI seizes major cybercrime forums in coordinated domain takedown appeared first on CyberScoop.
Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.
Mirai Variant 'Aquabot' Exploits Mitel Device Flaws
Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.
Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns. "Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard's
New Zyxel Zero-Day Under Attack, No Patch Available
GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available. The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek.