A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies. "REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open proxies it finds freely available online," the company said in a report shared with
Following a pandemic-era respite, financial fraud linked to synthetic identities is rising again, with firms potentially facing $3.3 billion in damages from new accounts.
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as CVE-2025-10035, carries a CVSS score of 10.0, indicating maximum severity. "A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged
The phishing-as-a-service (PhaaS) offerings known as Lighthouse and Lucid have been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. "Phishing-as-a-Service (PhaaS) deployments have risen significantly recently," Netcraft said in a new report. "The PhaaS operators charge a monthly fee for phishing software with pre-installed templates impersonating, in some cases
Frameworks may seem daunting to implement – especially for government IT teams that may not have an abundance of resources and expertise. But beginning implementation is better than never starting.
A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets.
While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks, alarming some in the security community.
Turla malware was deployed in February on select systems that Gamaredon had compromised in January. The post Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions appeared first on SecurityWeek.
Mark Gorak outlined that the department has seen a drop in the time it takes to hire, but much more work is needed. The post DOD official: We need to drop the cybersecurity talent hiring window to 25 days appeared first on CyberScoop.
The AI agent was able to solve different types of CAPTCHAs and adjusted its cursor movements to better mimic human behavior. The post ChatGPT Tricked Into Solving CAPTCHAs appeared first on SecurityWeek.
The Atlantic Council has published its second annual report: “Mythical Beasts: Diving into the depths of the global spyware market.” Too much good detail to summarize, but here are two items: First, the authors found that the number of US-based investors in spyware has notably increased in the past year, when compared with the sample size of the spyware market captured in the first Mythical Beasts project. In the first...
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. The workflow we are highlighting streamlines security alert handling by automatically identifying and executing the appropriate Standard
Netskope has debuted on Nasdaq and its shares soared more than 18%, bringing the company's value to $8.6 billion. The post Netskope Raises Over $908 Million in IPO appeared first on SecurityWeek.
Thalha Jubair and Owen Flowers were charged in the UK and the US with hacking critical infrastructure organizations. The post Two Scattered Spider Suspects Arrested in UK; One Charged in US appeared first on SecurityWeek.
Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high-profile targets in Ukraine
Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-compromise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group's Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely
Novakon HMIs are affected by remote code execution and information exposure vulnerabilities. The post Unpatched Vulnerabilities Expose Novakon HMIs to Remote Hacking appeared first on SecurityWeek.
Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city's public transportation agency. Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, from East London and Owen Flowers, 18, from Walsall, West Midlands
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM). "Each set contains loaders for malicious listeners that enable cyber threat actors to run arbitrary code on the compromised server,"
The former CIA deputy director for digital innovation discusses resilience, cultural shifts, and cyber fundamentals in the AI era.
Mike Duffy said feds are looking at ways to use it even more for cybersecurity. The post Agencies increasingly dive into AI for cyber defense, acting federal CISO says appeared first on CyberScoop.
The proposed restructuring plan would address many concerns related to the social media platform, but risks remain for security teams.
Threat actors breached the MySonicWall service and accessed backup firewall configuration files belonging to "fewer than 5%" of its install base, according to the company.
One suspect faces separate charges in the United States linking him to at least 120 cyberattacks. The post UK arrests two teens accused of heavy involvement in yearslong Scattered Spider attack spree appeared first on CyberScoop.
OpenAI has fixed this zero-click attack method, which researchers have named ShadowLeak. The post ChatGPT Targeted in Server-Side Data Theft Attack appeared first on SecurityWeek.
SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat actors accessed backup firewall preference files stored in the cloud for less than 5% of its
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. "CountLoader is being used either as part of an Initial Access Broker's (IAB) toolset or by a ransomware affiliate with ties to the LockBit,
Videos from SecurityWeek's Attack Surface Management Virtual Summit are now available to watch on demand. The post Watch Now: Attack Surface Management Summit – All Sessions Available appeared first on SecurityWeek.
The high-end jewelry retailer is informing customers in the United States and Canada that hackers accessed information related to gift cards. The post Tiffany Data Breach Impacts Thousands of Customers appeared first on SecurityWeek.
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. "SilentSync is capable of remote command execution, file exfiltration, and screen capturing," Zscaler ThreatLabz's Manisha Ramcharan Prajapati and Satyam Singh said. "SilentSync also extracts
AI's growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to any emerging technology, governance is hard – but effective governance is even harder. The first instinct for most organizations is to respond with rigid policies. Write a policy document, circulate a set of restrictions, and
RevengeHotels has been targeting hotels in Brazil and Spanish-speaking regions with VenomRAT implants in 2025. The post Threat Actor Infests Hotels With New RAT appeared first on SecurityWeek.
This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents”. Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection) and data-oriented threats (e.g., data...
The company sent a new preferences file to less than 5% of customers, urging them to import it into firewalls and reset their passwords. The post SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations appeared first on SecurityWeek.
Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises