Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXDoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in coordination with the Netherlands' Financial Intelligence and Investigative Service, Finland's National Bureau of
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Threat Actors Exploit a Critical Ivanti RCE Bug, Again
New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors β possibly the same ones as before β are exploiting its edge devices for the nth time.
China's UNC5337 Exploits a Critical Ivanti RCE Bug, Again
New year, same story. Despite Ivanti's commitment to secure-by-design principles, Chinese threat actors are exploiting its edge devices for the nth time.
Russian nationals charged with operating crypto mixers that masked cybercrime funds
The DOJ said the men behind Blender.io and Sinbad.io βmade it easier for state-sponsored hacking groupsβ to profit off their crimes. The post Russian nationals charged with operating crypto mixers that masked cybercrime funds appeared first on CyberScoop.
Friday Squid Blogging: Cotton-and-Squid-Bone Sponge
News: A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in China could provide an elusive answer to ubiquitous microplastic pollution in water across the globe, a new report suggests. [β¦] The study tested the material in an irrigation ditch, a lake, seawater and a pond, where it removed up to 99.9% of plastic. It addressed 95%-98% of plastic after five cycles, which...
CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs
The cyber agency said that surge has fueled βa moderate impactβ in CI sectors meeting its cybersecurity performance goals. The post CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs appeared first on CyberScoop.
Fake CrowdStrike 'Job Interviews' Become Latest Hacker Tactic
Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.
Russia Carves Out Commercial Surveillance Success Globally
Growing sales of the System for Operative Investigative Activities (SORM), a Russian wiretapping platform, in Central Asia and Latin American suggests increasing risks for Western businesses.
Apps That Are Spying on Your Location
404 Media and Wired are reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection...
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote
The Path Toward Championing Diversity in Cybersecurity Education
To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.
What is βsecurity theaterβ and how can we move beyond it?
Too many companies are caught up in security theatrics, overlooking the real cause. The post What is βsecurity theaterβ and how can we move beyond it? appeared first on CyberScoop.
Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs
Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs). While reporting is seen as a requirement for tracking cybersecurity progress, it often becomes bogged down with technical jargon, complex data, and disconnected spreadsheets that fail to
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News. "
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints β from legacy medical devices to IoT sensors β onto their production networks.
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website," the company said. "Victims are prompted to
Microsoft moves to disrupt hacking-as-a-service scheme thatβsΒ bypassing AI safety measures
The defendants used stolen API keys to gain access to devices and accounts with Microsoftβs Azure OpenAI service, which they then used to generate βthousandsβ of images that violated content restrictions. The post Microsoft moves to disrupt hacking-as-a-service scheme thatβsbypassing AI safety measures appeared first on CyberScoop.
Chinese APT Group Is Ransacking Japan's Secrets
Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.
Banshee 2.0 Malware Steals Apple's Encryption to Hide on Macs
The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple's own antivirus product.
Hacking Group 'Silk Typhoon' Linked to US Treasury Breach
The attack used a stolen remote support SaaS API key to exfiltrate data fromworkstations in the Treasury Department's Office of Foreign Assets Control.
FCC moves to tighten industry reporting rules for robocalls
The new rules are designed to ensure voice service providers are actually confirming the identity of callers using their network. The post FCC moves to tighten industry reporting rules for robocalls appeared first on CyberScoop.
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers
Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and
Zero-Day Vulnerability in Ivanti VPN
Itβs being actively exploited.
New zero-day exploit targets Ivanti VPN product
After Ivanti detected the activity, Mandiant says it found malware in impacted devices associated with a Chinese-linked threat group. The post New zero-day exploit targets Ivanti VPN product appeared first on CyberScoop.
New AI Challenges Will Test CISOs & Their Teams in 2025
CISOs need to recognize the new threats AI can present β while also embracing AI-powered solutions to stay ahead of those threats.
New Banshee Stealer Variant Bypasses Antivirus with Appleβs XProtect-Inspired Encryption
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer. "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to
Product Walkthrough: How Reco Discovers Shadow AI in SaaS
As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI. Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions
Ransomware isnβt slowing downβitβs getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join
MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan
Japan's National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. The primary objective of the attack campaign is to steal information related to Japan's national
Crypto is soaring, but so are threats: Hereβs how to keep your wallet safe
As detections of cryptostealers surge across Windows, Android and macOS, it's time for a refresher on how to keep your bitcoin or other crypto safe
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then
Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2
E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws
The European General Court on Wednesday fined the European Commission, the primary executive arm of the European Union responsible for proposing and enforcing laws for member states, for violating the bloc's own data privacy regulations. The development marks the first time the Commission has been held liable for infringing stringent data protection laws in the region. The court determined that
India Readies Overhauled National Data Privacy Rules
The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data β and recognizes a right to personal privacy.