Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXVulnerability in popular AI developer could ‘shut down essentially everything you own’
The flaw in Lightning.AI’s platform, which has been patched, would have given root access to an attacker and broad control over a victim’s cloud-based studio and connected systems. The post Vulnerability in popular AI developer could ‘shut down essentially everything you own’ appeared first on CyberScoop.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Oligo Raises $50M to Tackle Application Detection and Response
Oligo Security has raised $50 million in Series B funding for its application detection and response (ADR) platform. The post Oligo Raises $50M to Tackle Application Detection and Response appeared first on SecurityWeek.
The Old Ways of Vendor Risk Management Are No Longer Good Enough
Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.
New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones
New CPU side-channel attacks named SLAP and FLOP can be exploited to remotely steal data from Apple mobile and desktop devices. The post New SLAP and FLOP CPU Attacks Expose Data From Apple Computers, Phones appeared first on SecurityWeek.
Aquabot Botnet Targeting Vulnerable Mitel Phones
The Mirai-based Aquabot botnet has been targeting a vulnerability in Mitel SIP phones for which a proof-of-concept (PoC) exploit exists. The post Aquabot Botnet Targeting Vulnerable Mitel Phones appeared first on SecurityWeek.
ExxonMobil Lobbyist Caught Hacking Climate Activists
The Department of Justice is investigating a lobbying firm representing ExxonMobil for hacking the phones of climate activists: The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government. The firm, in turn, was allegedly working on behalf of one of the world’s largest oil and gas companies, based in Texas, that wanted to discredit groups and...
Smiths Group Scrambling to Restore Systems Following Cyberattack
Engineering firm Smiths Group has disclosed a cyberattack that forced it to take some systems offline and activate business continuity plans. The post Smiths Group Scrambling to Restore Systems Following Cyberattack appeared first on SecurityWeek.
AI in Cybersecurity: What's Effective and What’s Not – Insights from 200 Experts
Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing
Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products
Rockwell Automation has released six new security advisories to inform customers about several critical and high-severity vulnerabilities. The post Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products appeared first on SecurityWeek.
Cyber Insights 2025: Artificial Intelligence
Artificial intelligence is upending cybersecurity. It is used by adversaries in their attacks, and by defenders in their defense. The post Cyber Insights 2025: Artificial Intelligence appeared first on SecurityWeek.
New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome. The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking the
SimpleHelp Remote Access Software Exploited in Attacks
Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities. The post SimpleHelp Remote Access Software Exploited in Attacks appeared first on SecurityWeek.
How Interlock Ransomware Infects Healthcare Organizations
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total. This breach shows just how deeply ransomware
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. "Due to a flaw in the multi-line SNMP result parser, authenticated users can inject
Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform
Frenos, a company that has developed an autonomous OT security assessment platform, has raised $3.88 million in seed funding. The post Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform appeared first on SecurityWeek.
Brian Greene: Until the end of time | Starmus highlights
The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity
UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. "This research focuses on completing the picture of UAC-0063's operations, particularly documenting their expansion beyond their initial focus on Central Asia,
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicious user with network access may be able to use specially crafted SQL queries to gain database
Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alert
7 Tips for Strategically Saying 'No' in Cybersecurity
Cybersecurity can't always be "Department of No," but saying yes all the time is not the answer. Here is how to enable innovation gracefully without adding risk to the organization.
CrowdStrike Highlights Magnitude of Insider Risk
The impetus for CrowdStrike's new professional services came from last year's Famous Chollima threat actors, which used fake IT workers to infiltrate organizations and steal data.
Lynx Ransomware Group 'Industrializes' Cybercrime With Affiliates
The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.
Trump pauses on grants, aid leaves federal cyber programs in state of confusion
A series of moves from the president raises questions about what’s next for the federal government’s many cyber grant and aid initiatives. The post Trump pauses on grants, aid leaves federal cyber programs in state of confusion appeared first on CyberScoop.
OAuth Flaw Exposed Millions of Airline Users to Account Takeovers
The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.
Phishing Campaign Baits Hook With Malicious Amazon PDFs
In their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have been yet submitted to VirusTotal.
VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer
VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access. The post VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer appeared first on SecurityWeek.
Super Bowl LIX Could Be a Magnet for Cyberattacks
Concerns include everything from ransomware, malware, and phishing attacks on the game's infrastructure to those targeting event sponsors and fans.
Lawsuit claims systems behind OPM governmentwide email blast are illegal, insecure
A pair of whistleblowers believe the office skirted the law by not conducting a privacy impact assessment for an alleged “on-prem” server used to send mass emails to federal employees and store information from responses. The post Lawsuit claims systems behind OPM governmentwide email blast are illegal, insecure appeared first on CyberScoop.
National security risks in routers, modems targeted in bipartisan Senate bill
A separate piece of bipartisan Senate legislation would create a cyber insurance working group. The post National security risks in routers, modems targeted in bipartisan Senate bill appeared first on CyberScoop.
Data Privacy Day 2025: Time for Data Destruction to Become Standard Business Practice
Compliance standards are mandating better data security. There are several ways to do this, but most organizations would admit that erasure is not one of them.
PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so
Reporting a Breach or Vuln? Be Sure Your Lawyer's on Call
Globally, security researchers and whistleblowers face increasingly hostile laws and judiciaries that are ready to levy fines and prison sentences.
Eclypsium Eyes Global Expansion with $45 Million Series C Investment
The investment includes equity and debt from new investors Qualcomm Ventures, Pavilion Capital, Singtel Innov8, and Sixty Degree Capital. The post Eclypsium Eyes Global Expansion with $45 Million Series C Investment appeared first on SecurityWeek.
Apple’s latest patch closes zero-day affecting wide swath of products
The zero-day impacts Apple’s framework that manages audio and video playback. The post Apple’s latest patch closes zero-day affecting wide swath of products appeared first on CyberScoop.
Cryptographic Agility's Legislative Possibilities & Business Benefits
Quantum computing will bring new security risks. Both professionals and legislators need to use this time to prepare.