Stay Updated with the Latest Tech News


Get ahead of the curve with the latest insights, trends, and analysis in the tech world.


TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) called DRAT. The activity has been attributed by Recorded Future's Insikt Group to a threat actor tracked as TAG-140, which it said overlaps with SideCopy, an adversarial collective assessed to be an operational sub-cluster within

Published on: July 07, 2025 | Source: The Hacker News

Police in Brazil Arrest a Suspect Over $100M Banking Hack

Officials identified the suspect as João Roque, a C&M employee who worked in information technology and allegedly helped others gain unauthorized access to PIX systems. The post Police in Brazil Arrest a Suspect Over $100M Banking Hack appeared first on SecurityWeek.

Published on: July 05, 2025 | Source: SecurityWeek

Taiwan NSB Alerts Public on Data Risks from Douyin, Weibo, and RedNote Over China Ties

Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, Douyin, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal

Published on: July 05, 2025 | Source: The Hacker News

Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties

Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal

Published on: July 05, 2025 | Source: The Hacker News

Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS

Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. "The attacker used a modified version of XMRig with a hard-coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders," Wiz researchers Yaara Shriki and Gili

Published on: July 05, 2025 | Source: The Hacker News

Friday Squid Blogging: How Squid Skin Distorts Light

New research. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Published on: July 04, 2025 | Source: Schneier on Security

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According to QiAnXin's RedDrip Team, the threat actor has been active since 2023 and has switched network

Published on: July 04, 2025 | Source: The Hacker News

In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed

Noteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated. The post In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed appeared first on SecurityWeek.

Published on: July 04, 2025 | Source: SecurityWeek

How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3)

Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.

Published on: July 04, 2025 | Source: WeLiveSecurity

Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It

Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak—and most teams don’t even realize it. If you’re building, deploying, or managing AI systems, now is the time to ask: Are your AI agents exposing confidential data

Published on: July 04, 2025 | Source: The Hacker News

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host

Published on: July 04, 2025 | Source: The Hacker News

Task scams: Why you should never pay to get paid

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

Published on: July 04, 2025 | Source: WeLiveSecurity

Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission

Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were idle to passively send information to the company. The verdict marks an end to a legal class-action complaint that was originally filed in August 2019. In their lawsuit, the plaintiffs argued that Google's Android operating system

Published on: July 04, 2025 | Source: The Hacker News

Big Tech’s Mixed Response to U.S. Treasury Sanctions

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.

Published on: July 03, 2025 | Source: Krebs on Security

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have

Published on: July 03, 2025 | Source: The Hacker News

China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year

French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities. The post China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year appeared first on CyberScoop.

Published on: July 03, 2025 | Source: CyberScoop

New Cyber Blueprint Aims to Guide Organizations on AI Journey

Deloitte's new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees.

Published on: July 03, 2025 | Source: Dark Reading

Dark Web Vendors Shift to Third Parties, Supply Chains

As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.

Published on: July 03, 2025 | Source: Dark Reading

IDE Extensions Pose Hidden Risks to Software Supply Chain

Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.

Published on: July 03, 2025 | Source: Dark Reading

Attackers Impersonate Top Brands in Callback Phishing

Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.

Published on: July 03, 2025 | Source: Dark Reading

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts. The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.

Published on: July 03, 2025 | Source: SecurityWeek

Cisco Warns of Hardcoded Credentials in Enterprise Software

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root. The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.

Published on: July 03, 2025 | Source: SecurityWeek

Surveillance Used by a Drug Cartel

Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report. The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to...

Published on: July 03, 2025 | Source: Schneier on Security

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox

Published on: July 03, 2025 | Source: The Hacker News

The Hidden Weaknesses in AI SOC Tools that No One Talks About

If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today's reality is different. Modern security operations teams face a

Published on: July 03, 2025 | Source: The Hacker News

North Korean Hackers Use Fake Zoom Updates to Install macOS Malware

SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor. The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek.

Published on: July 03, 2025 | Source: SecurityWeek

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of

Published on: July 03, 2025 | Source: The Hacker News

How government cyber cuts will affect you and your business

Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks.

Published on: July 03, 2025 | Source: WeLiveSecurity

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score

Published on: July 03, 2025 | Source: The Hacker News

Qantas Airlines Breached, Impacting 6M Customers

Passengers' personal information was likely accessed via a third-party platform used at a call center, but didn't include passport or credit card info.

Published on: July 02, 2025 | Source: Dark Reading

Browser Extensions Pose Heightened, but Manageable, Security Risks

Attackers can abuse malicious extensions to access critical data, including credentials, but organizations can reduce the risks by raising awareness and enforcing strict policy controls.

Published on: July 02, 2025 | Source: Dark Reading

Initial Access Broker Self-Patches Zero Days as Turf Control

A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking into the same network.

Published on: July 02, 2025 | Source: Dark Reading

US Treasury Sanctions BPH Provider Aeza Group

In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.

Published on: July 02, 2025 | Source: Dark Reading

AI Tackles Binary Code Challenges to Fortify Supply Chain Security

Analyzing binary code helps vendors and organizations detect security threats and zero-day vulnerabilities in the software supply chain, but it doesn't come without challenges. It looks like AI has come to the rescue.

Published on: July 02, 2025 | Source: Dark Reading

Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing

A Russian APT known as "Gamaredon" is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine.

Published on: July 02, 2025 | Source: Dark Reading