Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXSenators, FBI Director Patel clash over cyber division personnel, arrests
The contentious hearing focused on other subjects, but lawmakers still had cyber questions and accusations for the head of the bureau. The post Senators, FBI Director Patel clash over cyber division personnel, arrests appeared first on CyberScoop.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
'Vane Viper' Threat Group Tied to PropellerAds, Commercial Entities
Researchers say the commercial adtech platform and several other companies form the infrastructure of a massive cybercrime operation.
Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs
The tech giant doesnβt provide details about the severity of vulnerabilities it discloses, but none of the new defects are under active attack. The post Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs appeared first on CyberScoop.
Check Point to Acquire AI Security Firm Lakera
Move highlights rising demand for AI-native security as enterprises face new risks from generative models and autonomous agents The post Check Point to Acquire AI Security Firm Lakera appeared first on SecurityWeek.
Check Point acquires AI security firm Lakera in push for enterprise AI protection
The acquisition comes during a flurry of larger cybersecurity firms looking to add AI security to their customer offerings. The post Check Point acquires AI security firm Lakera in push for enterprise AI protection appeared first on CyberScoop.
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. "Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform's fault injections (such as shutting down pods or disrupting network communications), and perform
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. "These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks," HUMANβs Satori Threat Intelligence and
Self-Replicating Worm Hits 180+ Software Packages
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn.The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.
Security Analytics Firm Vega Emerges From Stealth With $65M in FundingΒ
Vega provides security analytics and operations solutions designed to help organizations detect and respond to threats. The post Security Analytics Firm Vega Emerges From Stealth With $65M in Funding appeared first on SecurityWeek.
Ray Security Emerges From Stealth With $11M to Bring Real-Time, AI-Driven Data Protection
Tel Aviv, Israel-based Ray Security emerged from stealth with $11 million seed funding and a desire to change the way corporate data is protected. The funding was co-led by Venture Guides and Ibex Investors. The post Ray Security Emerges From Stealth With $11M to Bring Real-Time, AI-Driven Data Protection appeared first on SecurityWeek.
Security Industry Skeptical of Scattered Spider-ShinyHunters Retirement Claims
The notorious cybercrime groups claim they are going dark, but experts believe they will continue their activities. The post Security Industry Skeptical of Scattered Spider-ShinyHunters Retirement Claims appeared first on SecurityWeek.
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. "The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection," Acronis security researcher Eliad
Innovative FileFix Phishing Attack Proves Plenty Potent
Highly deceptive FileFix uses code obfuscation and steganography and has been translated into at least 16 languages to power a global campaign.
HybridPetya: The Petya/NotPetya copycat comes with a twist
HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality
Neon Cyber Emerges From Stealth, Shining a Light Into the Browser
Neon Cyber argues that phishing, social engineering, and insider threats demand protections that follow users into the browser, where most attacks now begin. The post Neon Cyber Emerges From Stealth, Shining a Light Into the Browser appeared first on SecurityWeek.
Rowhammer Attack Demonstrated Against DDR5
Researchers devise Phoenix, a new Rowhammer attack that achieves root on DDR5 systems in less than two minutes. The post Rowhammer Attack Demonstrated Against DDR5 appeared first on SecurityWeek.
Microsoft Still Uses RC4
Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system.
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. "Apple is aware of a report that this issue may have been exploited in an
Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane
AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats. Recent studies show 80% of companies have already experienced unintended AI agent actions, from unauthorized system
ChatGPTβs Calendar Integration Can Be Exploited to Steal Emails
Researchers show how a crafted calendar invite can trigger ChatGPT to exfiltrate sensitive emails. The post ChatGPTβs Calendar Integration Can Be Exploited to Steal Emails appeared first on SecurityWeek.
Fraud Prevention Company SEON Raises $80 Million in Series C Funding
The company will invest in its AI and real-time detection platform, in global expansion, and in strategic partnerships. The post Fraud Prevention Company SEON Raises $80 Million in Series C Funding appeared first on SecurityWeek.
Emerging Yurei Ransomware Claims First Victims
The cybercrime group, named after Japanese ghosts but believed to be from Morocco, uses a modified version of the Prince-Ransomware binary that includes a flaw allowing for partial data recovery. However, an extortion threat remains.
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
A team of academics from ETH ZΓΌrich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack. "We have proven that
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling
SecurityScorecard Buys AI Automation Capabilities, Boosts Vendor Risk Management
The company acquired HyperComply to help enterprises automate vendor security reviews and gain a real-time picture of the security of their entire supply chain.
'HybridPetya' Ransomware Bypasses Secure Boot
The malware, which has traits of Petya ransomware and the infamous NotPetya wiper, is designed to target UEFI-based systems, according to researchers.
Top AI companies have spent months working with US, UK governments on model safety
OpenAI and Anthropic said they turned over their models to government researchers, who found an array of previously undiscovered vulnerabilities and attack techniques. The post Top AI companies have spent months working with US, UK governments on model safety appeared first on CyberScoop.
KillSec Ransomware Hits Brazilian Healthcare Software Provider
The ransomware gang breached a "major element" of the healthcare technology supply chain and stole sensitive patient data, according to researchers.
FBI Warns of Threat Actors Hitting Salesforce Customers
The FBI's IC3 recently warned of two threat actors, UNC6040 and UNC6395, targeting Salesforce customers, separately and in tandem.
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. "The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor," IBM X-Force researchers Golo MΓΌhr and Joshua Chung said in an analysis published last week. The tech giant's
689,000 Affected by Insider Breach at FinWise Bank
A former FinWise employee gained access to American First Finance customer information. The post 689,000 Affected by Insider Breach at FinWise Bank appeared first on SecurityWeek.
Zero Trust Is 15 Years Old β Why Full Adoption Is Worth the Struggle
Fifteen years after its debut, Zero Trust remains the gold standard in cybersecurity theory β but its uneven implementation leaves organizations both stronger and dangerously exposed. The post Zero Trust Is 15 Years Old β Why Full Adoption Is Worth the Struggle appeared first on SecurityWeek.
Silent Push Raises $10 Million for Threat Intelligence Platform
Silent Push, which provides Indicators of Future Attack, has raised a total of $32 million in funding. The post Silent Push Raises $10 Million for Threat Intelligence Platform appeared first on SecurityWeek.
Building Resilient IT Infrastructure From the Start
CISA's Secure by Design planted a flag. Now, it's on those who care about safeguarding systems to pick up the torch and take action to secure systems throughout the enterprise.
Terra Security Raises $30 Million for AI Penetration Testing Platform
The Israeli cybersecurity startup plans to expand its offensive security offering to cover more enterprise attack surface. The post Terra Security Raises $30 Million for AI Penetration Testing Platform appeared first on SecurityWeek.