Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Security teams aren't patching firmware promptly, no one's vetting the endpoints before purchase, and visibility into potential dangers is limited β despite more and more cyberattackers targeting printers as a matter of course.
Published on: July 17, 2025 | Source:The suspect faces three charges for his alleged crimes that could earn him up to five years in federal prison, and a heap of fines.
Published on: July 17, 2025 | Source:Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS [malware-as-a-service] operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use," Cisco Talos researchers Chris Neal and Craig Jackson
Published on: July 17, 2025 | Source:Virtual event brings together leading experts, practitioners, and innovators for a full day of insightful discussions and tactical guidance on evolving threats and real-world defense strategies in cloud security. The post Watch on Demand: Cloud & Data Security Summit β Tackling Exposed Attack Surfaces in the Cloud appeared first on SecurityWeek.
Published on: July 17, 2025 | Source:Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution. "The attacker leverages
Published on: July 17, 2025 | Source:Cyberattacks on educational institutions are growing. But with budget constraints and funding shortfalls, leadership teams are questioning whether β and how β they can keep their institutions safe.
Published on: July 17, 2025 | Source:Cybersecurity startup Empirical Security has raised $12 million in seed funding for its vulnerability management platform. The post Empirical Security Raises $12 Million for AI-Driven Vulnerability Management appeared first on SecurityWeek.
Published on: July 17, 2025 | Source:Between March and December of last year, infamous Chinese state-sponsored APT Salt Typhoon gained access to sensitive US National Guard data.
Published on: July 17, 2025 | Source:Karen Serobovich Vardanyan pleaded not guilty to charges related to his alleged role in the Ryuk ransomware operation. The post Armenian Man Extradited to US Over Ryuk Ransomware Attacks appeared first on SecurityWeek.
Published on: July 17, 2025 | Source:Deployed on mobile devices confiscated by Chinese law enforcement, Massistant can collect user information, files, and location. The post Mobile Forensics Tool Used by Chinese Law Enforcement Dissected appeared first on SecurityWeek.
Published on: July 17, 2025 | Source:An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to a string of distributed denial-of-service (DDoS) attacks against Ukraine and its allies. The actions have led to the dismantling of a major part of the group's central server infrastructure and more than 100 systems across the world.
Published on: July 17, 2025 | Source:The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it βensures user privacy by storing no personal data.β But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making false promises regarding user anonymity and privacy, being βmisguidedβ about the...
Published on: July 17, 2025 | Source:The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementing more proactive, adaptive, and actionable measures that can work together to effectively address the
Published on: July 17, 2025 | Source:An $8 billion class action investorsβ lawsuit against Meta stemming from the 2018 privacy scandal involving the Cambridge Analytica political consulting firm. The post Trial Opens Against Meta CEO Mark Zuckerberg and Other Leaders Over Facebook Privacy Violations appeared first on SecurityWeek.
Published on: July 17, 2025 | Source:Four CVEs disclosed at the Pwn2Own Berlin 2025 hacking competition have been patched in VMware products. The post VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched appeared first on SecurityWeek.
Published on: July 17, 2025 | Source:Cisco has released patches for multiple vulnerabilities, including a critical flaw in Cisco ISE that leads to remote code execution (RCE). The post Cisco Patches Another Critical ISE Vulnerability appeared first on SecurityWeek.
Published on: July 17, 2025 | Source:The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three previously undocumented Chinese state-sponsored threat actors. "Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well
Published on: July 17, 2025 | Source:Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges. Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was patched
Published on: July 17, 2025 | Source:More than 1,000 suspects were arrested in raids in at least five provinces between Monday and Wednesday, according to Information Minister Neth Pheaktra and police. The post Cambodia Makes 1,000 Arrests in Latest Crackdown on Cybercrime appeared first on SecurityWeek.
Published on: July 17, 2025 | Source:After years of hanging out in the wild, confidential computing is getting closer to an AI model near you.
Published on: July 16, 2025 | Source:The bug allowed an attacker an easy way to compromise a full suite of developer tools in Oracle Cloud Infrastructure.
Published on: July 16, 2025 | Source:While many organizations are eagerly integrating AI into their workflows and cybersecurity practices, some remain undecided and even concerned about potential drawbacks of AI deployment.
Published on: July 16, 2025 | Source:The House Homeland Committee will revisit the malware to use the knowledge from the spy effort to explore the domestic threats facing the U.S. in 2025. The post House hearing will use Stuxnet to search for novel ways to confront OT cyberthreats appeared first on CyberScoop.
Published on: July 16, 2025 | Source:An upgraded cybercrime tool is designed to make targeted ransomware attacks as easy and effective as possible, with features like EDR-spotting and DNS-based C2 communication.
Published on: July 16, 2025 | Source:A group of female cybersecurity pioneers will share what they've learned about navigating a field dominated by men, in order to help other women empower themselves and pursue successful cybersecurity careers.
Published on: July 16, 2025 | Source:Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers. The post SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices appeared first on CyberScoop.
Published on: July 16, 2025 | Source:Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection. Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware. First advertised in February 2021 on
Published on: July 16, 2025 | Source:Codenamed Eastwood, the operation targeted the so-called NoName057(16) group, which was identified as being behind a series of DDoS attacks on municipalities and organizations linked to a NATO summit. The post Europol-Coordinated Global Operation Takes Down Pro-Russian Cybercrime Network appeared first on SecurityWeek.
Published on: July 16, 2025 | Source:Published on: July 16, 2025 | Source:
A threat actor with likely links to the Abyss ransomware group is leveraging an apparent zero-day vulnerability to deploy the "Overstep" backdoor on fully up-to-date appliances.
Published on: July 16, 2025 | Source:Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device (FRED), also known as an End-of-Train (EOT) device, is attached to the back of a train and sends data via radio signals to a corresponding device in the locomotive called the Head-of-Train (HOT). Commands can also be...
Published on: July 16, 2025 | Source:The lawmakers say the potential is high for such a system to return false positives, blocking citizens from voting. The post Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters appeared first on CyberScoop.
Published on: July 16, 2025 | Source:Over a dozen law enforcement agencies took action earlier this week, resulting in multiple arrests. The post Pro-Russian DDoS group NoName057(16) disrupted by international law enforcement operation appeared first on CyberScoop.
Published on: July 16, 2025 | Source:Cyberattack disrupted UNFIβs operations in June; company estimates $50β$60 million net income hit but anticipates insurance will cover most losses. The post United Natural Foods Projects Up to $400M Sales Hit from June Cyberattack appeared first on SecurityWeek.
Published on: July 16, 2025 | Source:A threat actor that may be financially motivated is targeting SonicWall devices with a backdoor and user-mode rootkit. The post SonicWall SMA Appliances Targeted With New βOverstepβ Malware appeared first on SecurityWeek.
Published on: July 16, 2025 | Source: