Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike. "A vulnerability has
Published on: July 10, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
North American APT Uses Exchange Zero-Day to Attack China
Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.
Published on: July 10, 2025 | Source:Browser Exploits Wane as Users Become the Attack Surface
For browsers, exploitation is out — and getting users to compromise their own systems is in. Improved browser security has forced attackers to adapt their tactics, and they've accepted the challenge.
Published on: July 09, 2025 | Source:Trump bill will have major impact on health care cybersecurity, experts warn Congress
Witnesses at a Senate hearing Wednesday connected One Big Beautiful Bill provisions to potential cyber issues in the health care sector, much to GOP Sen. Bill Cassidy’s chagrin. The post Trump bill will have major impact on health care cybersecurity, experts warn Congress appeared first on CyberScoop.
Published on: July 09, 2025 | Source:An NVIDIA Container Bug & Chance to Harden Kubernetes
A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants.
Published on: July 09, 2025 | Source:New AI Malware PoC Reliably Evades Microsoft Defender
Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that.
Published on: July 09, 2025 | Source:Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045, where "TGR" stands for "temporary group" and "CRI" refers to "criminal motivation."
Published on: July 09, 2025 | Source:AirMDR Tackles Security Burdens for SMBs With AI
The security startup provides managed detection and response services for small to midsize businesses to detect and address modern threats, such as ransomware, phishing attacks, and malicious insiders.
Published on: July 09, 2025 | Source:Rubio Impersonator Signals Growing Security Threat From Deepfakes
An impostor who posed as the secretary of state in text and voice communications with diplomats and politicians demonstrates the increased sophistication of and national security threat posed by the AI technology.
Published on: July 09, 2025 | Source:Know Your Enemy: Understanding Dark Market Dynamics
To help counter crime, today's organizations require a cyber-defense strategy that incorporates the mindset of the cybercriminal.
Published on: July 09, 2025 | Source:DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware
A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat (APT) group called DoNot Team, which is also known as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and
Published on: July 09, 2025 | Source:Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack
Nippon Steel Solutions has disclosed a data breach that resulted from the exploitation of a zero-day in network equipment. The post Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack appeared first on SecurityWeek.
Published on: July 09, 2025 | Source:SatanLock Next in Line for Ransomware Group Shutdowns
Though the victims list on its site has since been taken down, the group plans on leaking the rest of the files stolen from its victims.
Published on: July 09, 2025 | Source:Samsung Announces Security Improvements for Galaxy Smartphones
New Samsung Galaxy features include protections for on-device AI, expanded cross-device threat detection, and quantum-resistant encryption for network security. The post Samsung Announces Security Improvements for Galaxy Smartphones appeared first on SecurityWeek.
Published on: July 09, 2025 | Source:U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of Jilin, enabled the fraudulent operation by using
Published on: July 09, 2025 | Source:Yet Another Strava Privacy Leak
This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public?
Published on: July 09, 2025 | Source:How To Automate Ticket Creation, Device Identification and Threat Triage With Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at
Published on: July 09, 2025 | Source:Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking
Multiple vulnerabilities in Ruckus Wireless management products could be exploited to fully compromise the managed environments. The post Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking appeared first on SecurityWeek.
Published on: July 09, 2025 | Source:Canadian Electric Utility Says Power Meters Disrupted by Cyberattack
Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States. The post Canadian Electric Utility Says Power Meters Disrupted by Cyberattack appeared first on SecurityWeek.
Published on: July 09, 2025 | Source:Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks
A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei, has been charged with nine counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected
Published on: July 09, 2025 | Source:Ivanti, Fortinet, Splunk Release Security Updates
Ivanti, Fortinet, and Splunk have released patches for critical- and high-severity vulnerabilities in their products. The post Ivanti, Fortinet, Splunk Release Security Updates appeared first on SecurityWeek.
Published on: July 09, 2025 | Source:Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these, 10 are rated Critical
Published on: July 09, 2025 | Source:Alleged Chinese State Hacker Wanted by US Arrested in Italy
Xu Zewei has been arrested on charges that he is a member of the Chinese state-sponsored hacking group Hafnium (Silk Typhoon). The post Alleged Chinese State Hacker Wanted by US Arrested in Italy appeared first on SecurityWeek.
Published on: July 09, 2025 | Source:South Korean Government Imposes Penalties on SK Telecom for Breach
Following a breach at the country's top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements.
Published on: July 09, 2025 | Source:Microsoft Patch Tuesday, July 2025 Edition
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.
Published on: July 09, 2025 | Source:Unlock Security Operations Success With Data Analysis
From data fog to threat clarity: Automating security analytics helps security teams stop fighting phantoms and respond to what matters.
Published on: July 08, 2025 | Source:AI Trust Score Ranks LLM Security
Startup Tumeryk's AI Trust scorecard finds Google Gemini Pro 2.5 as the most trustworthy, with OpenAI's GPT-4o mini a close second and DeepSeek and Alibaba Qwen scoring lowest.
Published on: July 08, 2025 | Source:Appeals court clears path for El Salvadoran journos to sue spyware maker
The court vacated the district court’s decision to dismiss the case against NSO Group, saying it abused its discretion in doing so. The post Appeals court clears path for El Salvadoran journos to sue spyware maker appeared first on CyberScoop.
Published on: July 08, 2025 | Source:Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited
Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol. The post Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited appeared first on CyberScoop.
Published on: July 08, 2025 | Source:Adobe Patches Critical Code Execution Bugs
Adobe patches were also released for medium-severity flaws in After Effects, Audition, Dimension, Experience Manager Screens, FrameMaker, Illustrator, Substance 3D Stager, and Substance 3D Viewer. The post Adobe Patches Critical Code Execution Bugs appeared first on SecurityWeek.
Published on: July 08, 2025 | Source:Microsoft Patches 137 CVEs in July, but No Zero-Days
Some 17 of the bugs are at high risk for exploits, including multiple remote code execution bugs in Office and SharePoint.
Published on: July 08, 2025 | Source:Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday
Patch Tuesday July 2025: Microsoft rolled out fixes for 130 vulnerabilities, including a zero-day in SQL Server. The post Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday appeared first on SecurityWeek.
Published on: July 08, 2025 | Source:Malicious Open Source Packages Spike 188% YoY
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.
Published on: July 08, 2025 | Source:Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers
The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded. The post Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers appeared first on CyberScoop.
Published on: July 08, 2025 | Source:Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials
The warning came after the department discovered that an impostor attempted to reach out to at least three foreign ministers, a U.S. senator and a governor. The post Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials appeared first on SecurityWeek.
Published on: July 08, 2025 | Source: