Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXCISA: Ivanti Vulns Chained Together in Cyberattack Onslaught
The threat actors are abusing the vulnerabilities to gain initial access, obtain credentials, and install malicious scripts on user devices.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Conduent Confirms Cyberattack After Government Agencies Report Outages
Conduent has confirmed suffering disruptions due to a cyberattack after government agencies reported service outages. The post Conduent Confirms Cyberattack After Government Agencies Report Outages appeared first on SecurityWeek.
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News. "Instead these were very well-known issues that we wouldn't expect to see
New backdoor discovered that specifically targets Juniper routers
Researchers at Black Lotus Labs have uncovered an operation where a back door is dropped onto enterprise-grade Juniper Networks routers and listens for specific network signals, known as βmagic packets,β to execute malicious commands. The campaign, which researchers at the cybersecurity wing of Lumen Technologies refer to as βJ-Magic,β was active between mid-2023 and mid-2024. [β¦] The post New backdoor discovered that...
Black 'Magic' Targets Enterprise Juniper Routers With Backdoor
Such routers typically lack endpoint detection and response protection, are in front of a firewall, and don't run monitoring software like Sysmon, making the attacks harder to detect.
The Security Risk of Rampant Shadow AI
While employees want to take advantage of the increased efficiency of GenAI and LLMs, CISOs and IT teams must be diligent and stay on top of the most up-to-date security regulations.
Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks
Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro FrΓ³es, senior threat research engineer at
Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)
Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024) at Johns Hopkins Universityβs Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous two workshops, the goal was to bring together a diverse set of political scientists, law professors, philosophers, AI researchers and other industry...
New Research: The State of Web Exposure 2025
Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risksβdownload the full report here. New research by web exposure management specialist Reflectiz reveals several
Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic. "J-magic campaign marks the rare occasion of malware designed&
Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads
An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are
How to Eliminate Identity-Based Threats
Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. "Pre-authentication deserialization of untrusted data vulnerability has been identified in the
The evolving landscape of data privacy: Key trends to shape 2025
Incoming laws, combined with broader developments on the threat landscape, will create further complexity and urgency for security and compliance teams
QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features
Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber Intelligence team told The Hacker News. "The BackConnect(s) in use were 'DarkVNC' alongside the IcedID
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory
TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th
Doti AI Launches Platform to Securely Find Enterprise Data
The AI-powered work platform helps organizations securely identify and access internal enterprise data as part of business processes and workflows.
Security Needs to Start Saying 'No' Again
The rush to say "yes" allows cybersecurity teams to avoid hard conversations with business stakeholders but also risks losing their ability to effectively protect organizations.
Trump Overturns Biden Rules on AI Development, Security
The new administration moved quickly to remove any constraints on AI development and collected $500 billion in investment pledges for an American-owned AI joint venture.
Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker
Not everyone opposed the move, however, even as the board reviews the major Salt Typhoon telecom breach. The post Removal of Cyber Safety Review Board members sparks alarm from cyber pros, key lawmaker appeared first on CyberScoop.
BreachForums founder to be resentenced after court vacates previous punishment
Conor Fitzpatrick was initially sentenced to 20 years of supervised release following a guilty plea in July 2023. The post BreachForums founder to be resentenced after court vacates previous punishment appeared first on CyberScoop.
Chinese Cyberspies Target South Korean VPN in Supply Chain Attack
Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea.
Trump Pardons 'Silk Road' Dark Web Drug Market Creator
The pardon comes after 11 years in prison for Ross Ulbricht, who was sentenced to life without parole on several charges, including computer hacking, distribution of narcotics, and money laundering.
βSevereβ bug in ChatGPTβs API could be used to DDoS websites
The vulnerability, described by a researcher as βbad programming,β allows an attacker to send unlimited connection requests through ChatGPTβs API. The post βSevereβ bug in ChatGPTβs API could be used to DDoS websites appeared first on CyberScoop.
Cloudflare detected (and blocked) the biggest DDoS attack on record
The company said that the 5.6 Tbps attack is indicative of the steady increase in the size of these attacks. The post Cloudflare detected (and blocked) the biggest DDoS attack on record appeared first on CyberScoop.
MasterCard DNS Error Went Unnoticed for Years
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.
Will 2025 See a Rise of NHI Attacks?
The flurry of non-human identity attacks at the end of 2024 demonstrates extremely strong momentum heading into the new year. That does not bode well.
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some
AI Will Write Complex Laws
Artificial intelligence (AI) is writing law today. This has required no changes in legislative procedure or the rules of legislative bodiesβall it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill. In fact, the use of AI by legislators is only likely to become more prevalent. There are currently projects in the US House, US Senate, and legislatures around the...
Government battles against tech could leave consumers less secure
Courts and federal regulators too often treat consumers as bystanders, a Center for Cybersecurity Policy and Law expert argues. The post Government battles against tech could leave consumers less secure appeared first on CyberScoop.
Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have
President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison
U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending more than 11 years behind bars. "I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper β a