Stay Updated with the Latest Tech News

Change Healthcare Data Breach Impact Grows to 190 Million Individuals

The impact of the Change Healthcare ransomware-caused data breach has increased from 100 million to 190 million individuals. The post Change Healthcare Data Breach Impact Grows to 190 Million Individuals appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents an emerging

The Hacker News • 9 months ago • 1 min read

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.

The Hacker News • 9 months ago • 1 min read

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"

The Hacker News • 9 months ago • 1 min read

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a

The Hacker News • 9 months ago • 1 min read

CISOs Are Gaining C-Suite Swagger, but Has It Come With a Cost?

The number of CISOs who report directly to the CEO is up sharply in recent years, but many still say it's not enough to secure adequate resources.

Dark Reading • 9 months ago • 1 min read

Friday Squid Blogging: Beaked Whales Feed on Squid

A Travers’ beaked whale (Mesoplodon traversii) washed ashore in New Zealand, and scientists conlcuded that “the prevalence of squid remains [in its stomachs] suggests that these deep-sea cephalopods form a significant part of the whale’s diet, similar to other beaked whale species.” Blog moderation policy.

Schneier on Security • 9 months ago • 1 min read

DoJ Busts Up Another Multinational DPRK IT Worker Scam

A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.

Dark Reading • 9 months ago • 1 min read

MITRE's Latest ATT&CK Simulations Tackle Cloud Defenses

The MITRE framework's applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.

Dark Reading • 9 months ago • 1 min read

Cisco: Critical Meeting Management Bug Requires Urgent Patch

The bug has been given a 9.9 CVSS score, and could allow authenticated threat actors to escalate their privileges to admin-level if exploited.

Dark Reading • 9 months ago • 1 min read

3 Use Cases for Third-Party API Security

Third-party API security requires a tailored approach for different scenarios. Learn how to adapt your security strategy to outbound data flows, inbound traffic, and SaaS-to-SaaS interconnections.

Dark Reading • 9 months ago • 1 min read

Strengthening Our National Security in the AI Era

For the first time in a long while, the federal government and the software sector alike finally have the tools and resources needed to do security well — consistently and cost-effectively.

Dark Reading • 9 months ago • 1 min read

Subaru Starlink Vulnerability Exposed Cars to Remote Hacking

A vulnerability in Subaru’s Starlink connected vehicle service exposed US, Canada, and Japan vehicle and customer accounts. The post Subaru Starlink Vulnerability Exposed Cars to Remote Hacking appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

North Korean Fake IT Workers More Aggressively Extorting Enterprises

North Korean fake IT workers are more aggressively extorting their employers in response to law enforcement actions. The post North Korean Fake IT Workers More Aggressively Extorting Enterprises appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies

Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies. The post In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,

The Hacker News • 9 months ago • 1 min read

US Charges Five People Over North Korean IT Worker Scheme

The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to North Korea. The post US Charges Five People Over North Korean IT Worker Scheme appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

CISA Warns of Old jQuery Vulnerability Linked to Chinese APT

CISA has added the JQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Old jQuery Vulnerability Linked to Chinese APT appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

Millions Impacted by PowerSchool Data Breach

Four decades of student and educator information was stolen from PowerSchool – tens of millions are potentially affected. The post Millions Impacted by PowerSchool Data Breach appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

Cyber Insights 2025: Social Engineering Gets AI Wings

Business resilience must be the ultimate purpose of all the security controls and processes we employ, because we will never conclusively defeat or protect ourselves from social engineering. The post Cyber Insights 2025: Social Engineering Gets AI Wings appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment Exploits

Pwn2Own Automotive 2025 has come to an end and participants have earned a total of $886,000 for exploits targeting EV chargers and infotainment systems. The post Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment Exploits appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls

Eclypsium warns that Palo Alto Networks firewalls are impacted by BIOS and bootloader flaws, but the vendor says users should not be concerned. The post Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls appeared first on SecurityWeek.

SecurityWeek • 9 months ago • 1 min read

2025 State of SaaS Backup and Recovery Report

The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this

The Hacker News • 9 months ago • 1 min read

DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People's Republic of Korea (DPRK) in violation of international sanctions. The action targets Jin Sung-Il (진성일), Pak

The Hacker News • 9 months ago • 1 min read

Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. "When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the

The Hacker News • 9 months ago • 1 min read

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be

The Hacker News • 9 months ago • 1 min read

War Game Pits China Against Taiwan in All-Out Cyberwar

At Black Hat and DEF CON, cybersecurity experts were asked to game out how Taiwan could protect its communications and power infrastructure in case of invasion by China.

Dark Reading • 9 months ago • 1 min read

Tesla Gear Gets Hacked Multiple Times in Pwn2Own Contests

The first team to successfully hack the electric vehicle maker's charger won $50,000 for their ingenuity.

Dark Reading • 9 months ago • 1 min read

SonicWall pushes urgent patch for its SMA appliance

The flaw has a severity rating of 9.8 out of 10, and a patch has been made available. The post SonicWall pushes urgent patch for its SMA appliance appeared first on CyberScoop.

CyberScoop • 9 months ago • 1 min read

CISA Calls For Action to Close the Software Understanding Gap

Dark Reading • 9 months ago • 0 min read

Omdia Finds Phishing Attacks Top Smartphone Security Concern for Consumers

Dark Reading • 9 months ago • 0 min read

Automox Releases Endpoint Management With FastAgent

Dark Reading • 9 months ago • 0 min read

84% of Healthcare Organizations Spotted a Cyberattack in the Late Year

Dark Reading • 9 months ago • 0 min read

DOJ indicts five in North Korean fake IT worker scheme

The department alleges that a North Carolina-based laptop farm enabled access for two North Korean nationals over the course of the scheme. The post DOJ indicts five in North Korean fake IT worker scheme appeared first on CyberScoop.

CyberScoop • 9 months ago • 1 min read

Cloudflare CDN Bug Outs User Locations on Signal, Discord

Attackers can use a zero- or one-click flaw to send a malicious image to targets — an image that can deanonymize a user within seconds, posing a threat to journalists, activists, hackers, and others whose locations are sensitive.

Dark Reading • 9 months ago • 1 min read