Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXChina-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations
The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.βChina trade talks. "These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories
Advisories have also been published by Siemens, Schneider Electric, Phoenix Contact and CISA. The post ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories appeared first on SecurityWeek.
Southeast Asian Scam Centers Face More Financial Sanctions
Firms cooperating with cybercrime syndicates in Burma and Cambodia face sanctions by the US government and enforcement actions by China, but the scams continue to grow.
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious
Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says
Alexei Bulazel said that even as the Trump administration is aiming to ratchet up cyber offense, thereβs still a vital role for defense. The post Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says appeared first on CyberScoop.
Microsoft Patch Tuesday addresses 81 vulnerabilities, none actively exploited
The company is ahead of pace, disclosing about 100 more vulnerabilities at this point in the year than it did in 2024, according to a researcher. The post Microsoft Patch Tuesday addresses 81 vulnerabilities, none actively exploited appeared first on CyberScoop.
Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in...
EoP Flaws Again Lead Microsoft Patch Day
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.
EoP Flaws Again Lead Microsoft Patch Tuesday
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.
U.S. indicts Ukrainian national for hundreds of ransomware attacks using multiple variants
The Department of Justice unsealed an indictment against a Ukrainian national alleged to be central to a ransomware campaign affecting hundreds of companies worldwide. Volodymyr Viktorovych Tymoshchuk, known online as βdeadforz,β βBoba,β βmsfv,β and βfarnetwork,β is accused of developing and deploying ransomware variants Nefilim, LockerGoga, and MegaCortex, all of which have been used in attacks [β¦] The post U.S....
Is the Browser Becoming the New Endpoint?
While the jury is still out, it's clear that use has skyrocketed and security needs to align.
Qantas Reduces Executive Pay Following Cyberattack
The data breach, which occurred earlier this year, saw threat actors compromise a third-party platform to obtain Qantas customers' personal information.
Huge NPM Supply-Chain Attack Goes Out With Whimper
Threat actors phished Qix's NPM account, then used their access to publish poisoned versions of 18 popular open-source packages accounting for more than 2 billion weekly downloads.
Huge NPM Supply Chain Attack Goes Out With Whimper
Threat actors phished Qix's NPM account, then used their access to publish poisoned versions of 18 popular open source packages accounting for more than 2 billion weekly downloads.
Adobe Patches Critical ColdFusion and Commerce Vulnerabilities
Adobe has patched nearly two dozen vulnerabilities across nine of its products with its September 2025 Patch Tuesday updates. The post Adobe Patches Critical ColdFusion and Commerce Vulnerabilities appeared first on SecurityWeek.
Former WhatsApp security manager sues company for privacy violations, professional retaliation
Attaullah Baig alleges that the social media giant fired him for raising security concerns about its WhatsApp messaging platform. The post Former WhatsApp security manager sues company for privacy violations, professional retaliation appeared first on CyberScoop.
Salty2FA Takes Phishing Kits to Enterprise Level
Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features.
National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries
Sean Cairncross also talked about near-term priorities in his first public speech since being confirmed. The post National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries appeared first on CyberScoop.
Mitsubishi Electric to acquire Nozomi Networks in $1 billion deal
The acquisition represents the Japanese industrial giantβs largest to date. The post Mitsubishi Electric to acquire Nozomi Networks in $1 billion deal appeared first on CyberScoop.
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest. "Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined," the cybersecurity company said in a
Exposed Docker APIs Likely Exploited to Build Botnet
Hackers mount the hostβs file system into fresh containers, fetch malicious scripts over the Tor network, and block access to the Docker API. The post Exposed Docker APIs Likely Exploited to Build Botnet appeared first on SecurityWeek.
SAP Patches Critical NetWeaver Vulnerabilities
The critical-severity NetWeaver flaws could be exploited for remote code execution and privilege escalation. The post SAP Patches Critical NetWeaver Vulnerabilities appeared first on SecurityWeek.
Ransomware Losses Climb as AI Pushes Phishing to New Heights
Based on real-world insurance claims, Resilienceβs midyear report shows vendor risk is declining but costly, ransomware is evolving with triple extortion, and social engineering attacks are accelerating through AI. The post Ransomware Losses Climb as AI Pushes Phishing to New Heights appeared first on SecurityWeek.
Ex-WhatsApp Employee Sues Meta Over Vulnerabilities, Retaliation
Attaullah Baig has filed a lawsuit against Meta and its executives, accusing them of retaliation over critical cybersecurity failures. The post Ex-WhatsApp Employee Sues Meta Over Vulnerabilities, Retaliation appeared first on SecurityWeek.
160,000 Impacted by Wayne Memorial Hospital Data Breach
In May 2024, hackers stole names, Social Security numbers, financial information, and protected health information from the hospitalβs systems. The post 160,000 Impacted by Wayne Memorial Hospital Data Breach appeared first on SecurityWeek.
RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities
A new Android malware called RatOnhas evolved from a basic tool capable of conducting Near Field Communication (NFC) relay attacksto a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud. "RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality β making it a uniquely powerful threat,"
New Cryptanalysis of the Fiat-Shamir Protocol
A couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation. Quanta published a good article that explains the results. This is a pretty exciting paper from a theoretical perspective, but I donβt see it leading to any practical real-world cryptanalysis. The fact that there are some weird circumstances that result in Fiat-Shamir insecurities isnβt newβmany dozens of papers...
[Webinar] Shadow AI Agents Multiply Fast β Learn How to Detect and Control Them
One click is all it takes. An engineer spins up an βexperimentalβ AI Agent to test a workflow. A business unit connects to automate reporting. A cloud platform quietly enables a new agent behind the scenes. Individually, they look harmless. But together, they form an invisible swarm of Shadow AI Agentsβoperating outside securityβs line of sight, tied to identities you donβt even know exist.
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT. The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said. "
How Leading CISOs are Getting Budget Approval
Itβs budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they're framed in a way the board can understand and appreciate.
Mitsubishi Electric to Acquire Nozomi Networks for Nearly $1 Billion
The industrial cybersecurity firm will become a wholly owned subsidiary of Mitsubishi Electric. The post Mitsubishi Electric to Acquire Nozomi Networks for Nearly $1 Billion appeared first on SecurityWeek.
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs. Akamai, which discovered the latest activity last month, said it's designed to block other actors from accessing the Docker API from the internet. The findings build on a prior report from Trend Micro in late June 2025, which
Preventing business disruption and building cyber-resilience with MDR
Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy
Plex Urges Password Resets Following Data Breach
Hackers accessed emails, usernames, password hashes, and authentication data stored in a Plex database. The post Plex Urges Password Resets Following Data Breach appeared first on SecurityWeek.