Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface, which allows for remote code execution. It has been addressed in version 7.4.4. "The user and
Published on: July 11, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon Sandstorm). "
Published on: July 11, 2025 | Source:EU Unveils AI Code of Practice to Help Businesses Comply With Blocβs Rules
The EU code is voluntary and complements the EUβs AI Act, a comprehensive set of regulations that was approved last year and is taking effect in phases. The post EU Unveils AI Code of Practice to Help Businesses Comply With Blocβs Rules appeared first on SecurityWeek.
Published on: July 11, 2025 | Source:McDonaldβs Chatbot Recruitment Platform Exposed 64 Million Job Applications
Two vulnerabilities in an internal API allowed unauthorized access to contacts and chats, exposing the information of 64 million McDonaldβs applicants. The post McDonaldβs Chatbot Recruitment Platform Exposed 64 Million Job Applications appeared first on SecurityWeek.
Published on: July 11, 2025 | Source:Critical Wing FTP Server Vulnerability Exploited
Wing FTP Server vulnerability CVE-2025-47812 can be exploited for arbitrary command execution with root or system privileges. The post Critical Wing FTP Server Vulnerability Exploited appeared first on SecurityWeek.
Published on: July 11, 2025 | Source:TikTok Faces Fresh European Privacy Investigation Over China Data Transfers
The Irish Data Privacy Commission announced that TikTok is facing a new European Union privacy investigation into user data sent to China. The post TikTok Faces Fresh European Privacy Investigation Over China Data Transfers appeared first on SecurityWeek.
Published on: July 11, 2025 | Source:July 2025 Breaks a Decade of Monthly Android Patches
Since August 2015, Google has delivered a constant stream of monthly security patches for Android. Until July 2025. The post July 2025 Breaks a Decade of Monthly Android Patches appeared first on SecurityWeek.
Published on: July 11, 2025 | Source:Customer, Employee Data Exposed in Nippon Steel Breach
Information from the company's NS Solutions subsidiary has yet to show up on any Dark Web sites, but it doesn't rule out the possibility that the data may have been stolen.
Published on: July 11, 2025 | Source:Digital Fingerprints Test Privacy Concerns in 2025
Digital fingerprinting technology creates detailed user profiles by combining device data with location and demographics, which increases the risks of surveillance.
Published on: July 10, 2025 | Source:eSIM Bug in Millions of Phones Enables Spying, Takeover
eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards.
Published on: July 10, 2025 | Source:Ingram Micro Up and Running After Ransomware Attack
Customers were the first to notice the disruption on the distributor's website when they couldn't place orders online.
Published on: July 10, 2025 | Source:Agentic AI's Risky MCP Backbone Opens Brand-New Attack Vectors
Critical security vulnerabilities affect different parts of the Model Context Protocol (MCP) ecosystem, which many organizations are rapidly adopting in order to integrate AI models with external data sources.
Published on: July 10, 2025 | Source:4 Arrested in UK Over M&S, Co-op, Harrods Hacks
The UK's National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider.
Published on: July 10, 2025 | Source:UK Arrests Four in βScattered Spiderβ Ransom Group
Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlinesand the U.K. retail chain Marks & Spencer.
Published on: July 10, 2025 | Source:Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands. The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0. "The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it
Published on: July 10, 2025 | Source:Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. "These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and
Published on: July 10, 2025 | Source:French police arrest Russian pro basketball player on behalf of US over ransomware suspicions
Daniil Kasatkin played briefly for Penn State University. Itβs the second European arrest on cyber allegations at the request of the United States to be revealed this week. The post French police arrest Russian pro basketball player on behalf of US over ransomware suspicions appeared first on CyberScoop.
Published on: July 10, 2025 | Source:eSIM Hack Allows for Cloning, SpyingΒ
Details have been disclosed for an eSIM hacking method that could impact many, but the industry is taking action. The post eSIM Hack Allows for Cloning, Spying appeared first on SecurityWeek.
Published on: July 10, 2025 | Source:UK arrests four for cyberattacks on major British retailers
The U.K.βs National Crime Agency claims the four were involved in attacks on Marks & Spencer. The cybersecurity industry attributed those attacks to Scattered Spider. The post UK arrests four for cyberattacks on major British retailers appeared first on CyberScoop.
Published on: July 10, 2025 | Source:Ingram Micro Restores Systems Impacted by Ransomware
Ingram Micro has restored operations across all countries and regions after disconnecting systems to contain a ransomware attack. The post Ingram Micro Restores Systems Impacted by Ransomware appeared first on SecurityWeek.
Published on: July 10, 2025 | Source:SIM Swap Fraud Is Surging β and That's a Good Thing
Now it's time to build systems that attackers can't reroute with a phone call.
Published on: July 10, 2025 | Source:Qantas Confirms 5.7 Million Impacted by Data Breach
Hackers compromised names, addresses, email address, phone numbers, and other information pertaining to Qantas customers. The post Qantas Confirms 5.7 Million Impacted by Data Breach appeared first on SecurityWeek.
Published on: July 10, 2025 | Source:Four Arrested in Β£440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
The U.K. National Crime Agency (NCA) on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The arrested individuals include two men aged 19, a third aged 17, and a 20-year-old woman. They were apprehended in the West Midlands and London on suspicion of Computer Misuse Act offenses, blackmail,
Published on: July 10, 2025 | Source:Booz Allen Invests in Machine Identity Firm Corsha
βMachine identitiesβ, often used interchangeably with βnon-human identitiesβ (NHIs), have been increasing rapidly since the start of digital transformation. The post Booz Allen Invests in Machine Identity Firm Corsha appeared first on SecurityWeek.
Published on: July 10, 2025 | Source:Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack
PCA Cyber Security has discovered critical vulnerabilities in the BlueSDK Bluetooth stack that could have allowed remote code execution on car systems. The post Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack appeared first on SecurityWeek.
Published on: July 10, 2025 | Source:What Security Leaders Need to Know About AI Governance for SaaS
Generative AI is not arriving with a bang, itβs slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting summaries, and office suites such as Microsoft 365 contain
Published on: July 10, 2025 | Source:What Can Businesses Do About Ethical Dilemmas Posed by AI?
AI-made decisions are in many ways shaping and governing human lives. Companies have a moral, social, and fiduciary duty to responsibly lead its take-up. The post What Can Businesses Do About Ethical Dilemmas Posed by AI? appeared first on SecurityWeek.
Published on: July 10, 2025 | Source:New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App
Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the crossβplatform SSH client and serverβmanagement tool Termius in late May 2025. "ZuRu malware
Published on: July 10, 2025 | Source:AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs
Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws, collectively called Transient Scheduler Attacks (TSA), manifest in the form of a speculative side channel in its CPUs that leverage execution timing of instructions under specific microarchitectural conditions. "In some cases, an attacker
Published on: July 10, 2025 | Source:ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike. "A vulnerability has
Published on: July 10, 2025 | Source:North American APT Uses Exchange Zero-Day to Attack China
Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.
Published on: July 10, 2025 | Source:Browser Exploits Wane as Users Become the Attack Surface
For browsers, exploitation is out β and getting users to compromise their own systems is in. Improved browser security has forced attackers to adapt their tactics, and they've accepted the challenge.
Published on: July 09, 2025 | Source:Trump bill will have major impact on health care cybersecurity, experts warn Congress
Witnesses at a Senate hearing Wednesday connected One Big Beautiful Bill provisions to potential cyber issues in the health care sector, much to GOP Sen. Bill Cassidyβs chagrin. The post Trump bill will have major impact on health care cybersecurity, experts warn Congress appeared first on CyberScoop.
Published on: July 09, 2025 | Source:An NVIDIA Container Bug & Chance to Harden Kubernetes
A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants.
Published on: July 09, 2025 | Source:New AI Malware PoC Reliably Evades Microsoft Defender
Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that.
Published on: July 09, 2025 | Source: