Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXDormant macOS Backdoor ChillyHell Resurfaces
With multiple persistence mechanisms, the modular malware can brute-force passwords, drop payloads, and communicate over different protocols.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Apple Unveils iPhone Memory Protections to Combat Sophisticated Attacks
Appleβs new Memory Integrity Enforcement (MIE) brings always-on memory-safety protection covering key attack surfaces β including the kernel and over 70 userland processes. The post Apple Unveils iPhone Memory Protections to Combat Sophisticated Attacks appeared first on SecurityWeek.
Hush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets Platform
Tel Avivβbased startup replaces vaults and secrets managers with just-in-time policies, aiming to eliminate credentials entirely. The post Hush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets Platform appeared first on SecurityWeek.
Apple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory Safety
Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and
Fortinet, Ivanti, Nvidia Release Security Updates
High-severity vulnerabilities could lead to remote code execution, privilege escalation, information disclosure, and configuration tampering. The post Fortinet, Ivanti, Nvidia Release Security Updates appeared first on SecurityWeek.
The Time-Saving Guide for Service Providers: Automating vCISO and Compliance Services
Introduction Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the
US Offers $10 Million Reward for Ukrainian Ransomware Operator
Volodymyr Tymoshchuk allegedly hit hundreds of organizations with the LockerGoga, MegaCortex, and Nefilim ransomware families. The post US Offers $10 Million Reward for Ukrainian Ransomware Operator appeared first on SecurityWeek.
Highly Popular NPM Packages Poisoned in New Supply Chain Attack
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments. The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.
Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises
Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN has uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses. Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at
China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations
The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.βChina trade talks. "These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business
ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories
Advisories have also been published by Siemens, Schneider Electric, Phoenix Contact and CISA. The post ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories appeared first on SecurityWeek.
Southeast Asian Scam Centers Face More Financial Sanctions
Firms cooperating with cybercrime syndicates in Burma and Cambodia face sanctions by the US government and enforcement actions by China, but the scams continue to grow.
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious
Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says
Alexei Bulazel said that even as the Trump administration is aiming to ratchet up cyber offense, thereβs still a vital role for defense. The post Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says appeared first on CyberScoop.
Microsoft Patch Tuesday addresses 81 vulnerabilities, none actively exploited
The company is ahead of pace, disclosing about 100 more vulnerabilities at this point in the year than it did in 2024, according to a researcher. The post Microsoft Patch Tuesday addresses 81 vulnerabilities, none actively exploited appeared first on CyberScoop.
Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in...
EoP Flaws Again Lead Microsoft Patch Tuesday
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.
EoP Flaws Again Lead Microsoft Patch Day
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.
U.S. indicts Ukrainian national for hundreds of ransomware attacks using multiple variants
The Department of Justice unsealed an indictment against a Ukrainian national alleged to be central to a ransomware campaign affecting hundreds of companies worldwide. Volodymyr Viktorovych Tymoshchuk, known online as βdeadforz,β βBoba,β βmsfv,β and βfarnetwork,β is accused of developing and deploying ransomware variants Nefilim, LockerGoga, and MegaCortex, all of which have been used in attacks [β¦] The post U.S....
Is the Browser Becoming the New Endpoint?
While the jury is still out, it's clear that use has skyrocketed and security needs to align.
Qantas Reduces Executive Pay Following Cyberattack
The data breach, which occurred earlier this year, saw threat actors compromise a third-party platform to obtain Qantas customers' personal information.
Huge NPM Supply Chain Attack Goes Out With Whimper
Threat actors phished Qix's NPM account, then used their access to publish poisoned versions of 18 popular open source packages accounting for more than 2 billion weekly downloads.
Huge NPM Supply-Chain Attack Goes Out With Whimper
Threat actors phished Qix's NPM account, then used their access to publish poisoned versions of 18 popular open-source packages accounting for more than 2 billion weekly downloads.
Adobe Patches Critical ColdFusion and Commerce Vulnerabilities
Adobe has patched nearly two dozen vulnerabilities across nine of its products with its September 2025 Patch Tuesday updates. The post Adobe Patches Critical ColdFusion and Commerce Vulnerabilities appeared first on SecurityWeek.
Former WhatsApp security manager sues company for privacy violations, professional retaliation
Attaullah Baig alleges that the social media giant fired him for raising security concerns about its WhatsApp messaging platform. The post Former WhatsApp security manager sues company for privacy violations, professional retaliation appeared first on CyberScoop.
Salty2FA Takes Phishing Kits to Enterprise Level
Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features.
National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries
Sean Cairncross also talked about near-term priorities in his first public speech since being confirmed. The post National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries appeared first on CyberScoop.
Mitsubishi Electric to acquire Nozomi Networks in $1 billion deal
The acquisition represents the Japanese industrial giantβs largest to date. The post Mitsubishi Electric to acquire Nozomi Networks in $1 billion deal appeared first on CyberScoop.
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest. "Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined," the cybersecurity company said in a
Exposed Docker APIs Likely Exploited to Build Botnet
Hackers mount the hostβs file system into fresh containers, fetch malicious scripts over the Tor network, and block access to the Docker API. The post Exposed Docker APIs Likely Exploited to Build Botnet appeared first on SecurityWeek.
SAP Patches Critical NetWeaver Vulnerabilities
The critical-severity NetWeaver flaws could be exploited for remote code execution and privilege escalation. The post SAP Patches Critical NetWeaver Vulnerabilities appeared first on SecurityWeek.
Ransomware Losses Climb as AI Pushes Phishing to New Heights
Based on real-world insurance claims, Resilienceβs midyear report shows vendor risk is declining but costly, ransomware is evolving with triple extortion, and social engineering attacks are accelerating through AI. The post Ransomware Losses Climb as AI Pushes Phishing to New Heights appeared first on SecurityWeek.
Ex-WhatsApp Employee Sues Meta Over Vulnerabilities, Retaliation
Attaullah Baig has filed a lawsuit against Meta and its executives, accusing them of retaliation over critical cybersecurity failures. The post Ex-WhatsApp Employee Sues Meta Over Vulnerabilities, Retaliation appeared first on SecurityWeek.
160,000 Impacted by Wayne Memorial Hospital Data Breach
In May 2024, hackers stole names, Social Security numbers, financial information, and protected health information from the hospitalβs systems. The post 160,000 Impacted by Wayne Memorial Hospital Data Breach appeared first on SecurityWeek.