Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXIn Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach
Other noteworthy stories that might have slipped under the radar: Capita fined 14 million, ICTBroadcast vulnerability exploited, Spyware maker NSO acquired. The post In Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach appeared first on SecurityWeek.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
Hackers Steal Sensitive Data From Auction House Sotheby’s
Sotheby's has disclosed a data breach impacting personal information, including SSNs. The post Hackers Steal Sensitive Data From Auction House Sotheby’s appeared first on SecurityWeek.
A Surprising Amount of Satellite Traffic Is Unencrypted
Here’s the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls and SMS, and consumer Internet traffic...
Identity Security: Your First and Last Line of Defense
The danger isn’t that AI agents have bad days — it’s that they never do. They execute faithfully, even when what they’re executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn't some dystopian fantasy—it's Tuesday at the office now. We've entered a new phase where autonomous AI agents act with serious system privileges. They
‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability
CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes. The post ‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability appeared first on SecurityWeek.
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including
Prosper Data Breach Impacts 17.6 Million Accounts
Hackers stole names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information. The post Prosper Data Breach Impacts 17.6 Million Accounts appeared first on SecurityWeek.
Vulnerabilities Allow Disruption of Phoenix Contact UPS Devices
An attacker can exploit the flaws to put devices into a permanent DoS condition that prevents remote restoration. The post Vulnerabilities Allow Disruption of Phoenix Contact UPS Devices appeared first on SecurityWeek.
Gladinet Patches Exploited CentreStack Vulnerability
The unauthenticated local file inclusion bug allows attackers to retrieve the machine key and execute code remotely via a ViewState deserialization issue. The post Gladinet Patches Exploited CentreStack Vulnerability appeared first on SecurityWeek.
North Korean operatives spotted using evasive techniques to steal data and cryptocurrency
Research from Cisco Talos and Google Threat Intelligence Group underscores the extent to which North Korea-aligned attackers attempt to avoid detection. The post North Korean operatives spotted using evasive techniques to steal data and cryptocurrency appeared first on CyberScoop.
Cyberattackers Target LastPass, Top Password Managers
Be aware: a rash of phishing campaigns are leveraging the anxiety and trust employees have in password vaults securing all of their credentials.
Leaks in Microsoft VS Code Marketplace Put Supply Chain at Risk
Researchers discovered more than 550 unique secrets exposed in Visual Studio Code marketplaces, prompting Microsoft to bolster security measures.
China Hackers Test AI-Optimized Attack Chains in Taiwan
AI might help some threat actors in certain respects, but one group is proving that its use for cyberattacks has its limits.
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
A threat actor with ties to the Democratic People's Republic of Korea (aka North Korea) has been observed leveraging the EtherHiding technique to distribute malware and enable cryptocurrency theft, marking the first time a state-sponsored hacking group has embraced the method. The activity has been attributed by Google Threat Intelligence Group (GTIG) to a threat cluster it tracks as UNC5342,
Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites
A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers, such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS systems. "UNC5142 is characterized by its use of compromised WordPress websites and 'EtherHiding,' a technique used
Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign
The tech giant attributed the attacks to Vanilla Tempest, also known as Vice Spider and Vice Society. The post Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign appeared first on SecurityWeek.
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
An investigation into the compromise of an Amazon Web Services (AWS)-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro, according to findings from Synacktiv. "This backdoor features functionalities relying on the installation of two eBPF [extended Berkeley Packet Filter] modules, on the one hand to conceal itself, and on the other hand to be remotely
AISLE Emerges From Stealth With AI-Based Reasoning System to Remediate Vulnerabilities on the Fly
AISLE aims to automate the vulnerability remediation process by detecting, exploiting, and patching software vulnerabilities in real time. The post AISLE Emerges From Stealth With AI-Based Reasoning System to Remediate Vulnerabilities on the Fly appeared first on SecurityWeek.
Matters.AI Raises $6.25 Million to Safeguard Enterprise Data
The company’s AI Security Engineer autonomously keeps enterprise data protected across devices and environments. The post Matters.AI Raises $6.25 Million to Safeguard Enterprise Data appeared first on SecurityWeek.
Organizations Warned of Exploited Adobe AEM Forms Vulnerability
A public PoC existed when Adobe patched the Experience Manager Forms (AEM Forms) bug in early August. The post Organizations Warned of Exploited Adobe AEM Forms Vulnerability appeared first on SecurityWeek.
Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform
Scaling the SOC with AI - Why now? Security Operations Centers (SOCs) are under unprecedented pressure. According to SACR’s AI-SOC Market Landscape 2025, the average organization now faces around 960 alerts per day, while large enterprises manage more than 3,000 alerts daily from an average of 28 different tools. Nearly 40% of those alerts go uninvestigated, and 61% of security teams admit
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in "Zero Disco' Attacks
Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple
Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in 'Zero Disco' Attacks
Cybersecurity researchers have disclosed details of a new campaign that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems. The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple
Cisco Routers Hacked for Rootkit Deployment
Threat actors are exploiting CVE-2025-20352, a recent Cisco zero-day, to deploy a rootkit on older networking devices. The post Cisco Routers Hacked for Rootkit Deployment appeared first on SecurityWeek.
Cryptocurrency ATMs
CNN has a great piece about how cryptocurrency ATMs are used to scam people out of their money. The fees are usurious, and they’re a common place for scammers to send victims to buy cryptocurrency for them. The companies behind the ATMs, at best, do not care about the harm they cause; the profits are just too good.
US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than $14 Billion in Bitcoin
In an indictment, federal prosecutors charged Prince Holding Group chairman Chen Zhi with wire fraud conspiracy and money laundering conspiracy. The post US Charges Cambodian Executive in Massive Crypto Scam and Seizes More Than $14 Billion in Bitcoin appeared first on SecurityWeek.
Beware the Hidden Costs of Pen Testing
Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior results. The benefits of pen testing are clear. By empowering “white hat” hackers to attempt to breach your system using similar tools and techniques to
Why the web-hosting industry needs a trust seal
The internet has moved beyond SSL and requires better safeguards to protect against cyber threats. The post Why the web-hosting industry needs a trust seal appeared first on CyberScoop.
Four-Year Prison Sentence for PowerSchool Hacker
Matthew Lane pleaded guilty in May to extorting two companies after hacking into their networks and stealing information. The post Four-Year Prison Sentence for PowerSchool Hacker appeared first on SecurityWeek.
ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More
The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive. Hackers don’t always break systems anymore — they use them. They hide inside trusted apps, copy real websites, and trick people into giving up control
F5 Hack: Attack Linked to China, BIG-IP Flaws Patched, Governments Issue Alerts
More information has come to light on the cyberattack disclosed this week by F5, including on attribution and potential risks. The post F5 Hack: Attack Linked to China, BIG-IP Flaws Patched, Governments Issue Alerts appeared first on SecurityWeek.
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-54253 (CVSS score: 10.0), a maximum-severity misconfiguration bug that could result in arbitrary code execution.
LevelBlue Announces Plans to Acquire XDR Provider Cybereason
The deal, which builds on LevelBlue's recent acquisition of Trustwave and Aon, aims to provide customers with a broad portfolio of extended detection and response, managed detection and response, and forensic services.