Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers

Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution. The list of vulnerabilities is as follows - CVE-2024-9138 (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain

The Hacker News • 10 months ago • 1 min read

Veracode Buys Package Analysis Technology From Phylum

The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.

Dark Reading • 10 months ago • 1 min read

In Appreciation: Amit Yoran, Tenable CEO, Passes Away

Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer.

Dark Reading • 10 months ago • 1 min read

China's Salt Typhoon Adds Charter, Windstream to Telecom Victim List

These latest attacks follow a long string of cyberattacks and breaches targeting US and global telecom and ISP companies.

Dark Reading • 10 months ago • 1 min read

FireScam Android Spyware Campaign Poses 'Significant Threat Worldwide'

A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.

Dark Reading • 10 months ago • 1 min read

Industrial networking manufacturer Moxa reports ‘critical’ router bugs

Moxa says the flaws can be used to bypass user authentication, escalate privileges and gain root access to devices. The post Industrial networking manufacturer Moxa reports ‘critical’ router bugs appeared first on CyberScoop.

CyberScoop • 10 months ago • 1 min read

EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets

The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities.

Dark Reading • 10 months ago • 1 min read

IoT's Regulatory Reckoning Is Overdue

New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation.

Dark Reading • 10 months ago • 1 min read

Will AI Code Generators Overcome Their Insecurities This Year?

In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities.

Dark Reading • 10 months ago • 1 min read

India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements

The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released Sunday. "Citizens are empowered with rights to demand data erasure,

The Hacker News • 10 months ago • 1 min read

Privacy of Photos.app’s Enhanced Visual Search

Initial speculation about a new Apple feature.

Schneier on Security • 10 months ago • 1 min read

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]

Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner. This week, we dive into the hidden risks, surprising loopholes, and the clever tricks

The Hacker News • 10 months ago • 1 min read

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout

The Hacker News • 10 months ago • 1 min read

FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices

An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices. "Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.io-hosted phishing site that impersonates RuStore – a popular app store in the Russian Federation,"

The Hacker News • 10 months ago • 1 min read

AI moves to your PC with its own special hardware

Seeking to keep sensitive data private and accelerate AI workloads? Look no further than AI PCs powered by Intel Core Ultra processors with a built-in NPU.

WeLiveSecurity • 10 months ago • 1 min read

Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics,

The Hacker News • 10 months ago • 1 min read

Tenable CEO Amit Yoran dies at 54

Yoran had stepped away from his job in December, announcing he was fighting cancer. The post Tenable CEO Amit Yoran dies at 54 appeared first on CyberScoop.

CyberScoop • 10 months ago • 1 min read

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The

The Hacker News • 10 months ago • 1 min read

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google's Mandiant Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had

The Hacker News • 10 months ago • 1 min read

U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or

The Hacker News • 10 months ago • 1 min read

Thousands of BeyondTrust Systems Remain Exposed

Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say — though it's impossible to tell how many are still vulnerable.

Dark Reading • 10 months ago • 1 min read

Thousands of Buggy BeyondTrust Systems Remain Exposed

Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say.

Dark Reading • 10 months ago • 1 min read

Friday Squid Blogging: Anniversary Post

I made my first squid post nineteen years ago this week. Between then and now, I posted something about squid every week (with maybe only a few exceptions). There is a lot out there about squid, even more if you count the other meanings of the word. Blog moderation policy.

Schneier on Security • 10 months ago • 1 min read

New HIPAA Cybersecurity Rules Pull No Punches

Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.

Dark Reading • 10 months ago • 1 min read

Treasury Dept. Sanctions Chinese Tech Vendor for Complicity

Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.

Dark Reading • 10 months ago • 1 min read

U.S. sanctions take aim at Chinese company said to aid hackers’ massive botnet

A joint takedown operation last year sought to disrupt Flax Typhoon’s compromise of hundreds of thousands of devices. The post U.S. sanctions take aim at Chinese company said to aid hackers’ massive botnet appeared first on CyberScoop.

CyberScoop • 10 months ago • 1 min read

Exit interview: FCC’s Jessica Rosenworcel discusses her legacy on cybersecurity, AI and regulation

The outgoing chair weighs in on how the FCC has addressed newer technologies, efforts to respond to Chinese intrusions into U.S. telecom networks, and regulating AI in political ads. The post Exit interview: FCC’s Jessica Rosenworcel discusses her legacy on cybersecurity, AI and regulation appeared first on CyberScoop.

CyberScoop • 10 months ago • 1 min read

Apple Offers $95M to Settle Siri Privacy Lawsuit

The proposed settlement would amount to roughly $20 per Apple product that has Siri enabled, for each plaintiff.

Dark Reading • 10 months ago • 1 min read

Why Small Businesses Can't Rely Solely on AI to Combat Threats

The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities.

Dark Reading • 10 months ago • 1 min read

ShredOS

ShredOS is a stripped-down operating system designed to destroy data. GitHub page here.

Schneier on Security • 10 months ago • 1 min read

Chrome Extension Compromises Highlight Software Supply Challenges

The Christmas Eve compromise of data-security firm Cyberhaven's Chrome extension spotlights the challenges in shoring up third-party software supply chains.

Dark Reading • 10 months ago • 1 min read

New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60%

Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and

The Hacker News • 10 months ago • 1 min read

Gary Marcus: Taming Silicon Valley | Starmus highlights

The prominent AI researcher explores the societal impact of artificial intelligence and outlines his vision for a future in which AI upholds human rights, dignity, and fairness

WeLiveSecurity • 10 months ago • 1 min read

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (

The Hacker News • 10 months ago • 1 min read

Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption

Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program

The Hacker News • 10 months ago • 1 min read