Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXScammers Are Using Grok to Spread Malicious Links on X
It's called "grokking," and gives spammers a way to skirt X's ban on links in promoted posts and reach larger audiences than ever before.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
How to Close the AI Governance Gap in Software Development
Widespread adoption of AI coding tools accelerates developmentβbut also introduces critical vulnerabilities that demand stronger governance and oversight. The post How to Close the AI Governance Gap in Software Development appeared first on SecurityWeek.
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. "Available in both Python and C variants, CastleRAT's core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell," Recorded Future Insikt Group
Embracing the Next Generation of Cybersecurity Talent
Programs like student-run SOCs can expand our cybersecurity workforce and better secure our public and private entities for when, not if, cyberattacks occur.
Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool
Called A2, the framework mimics human analysis to identify vulnerabilities in Android applications and then validates them. The post Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool appeared first on SecurityWeek.
Federal Cuts Put Local, State Agencies at Cyber-Risk
Cyberattackers target local and state agencies, a problem as the Trump administration cuts cybersecurity funds and culls workers at federal security agencies.
FireCompass Raises $20 Million for Offensive Security Platform
The AI-powered automated penetration testing firm will invest the new funds in R&D, team expansion, and global scale. The post FireCompass Raises $20 Million for Offensive Security Platform appeared first on SecurityWeek.
In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked
Noteworthy stories that might have slipped under the radar: Google fined 325 million, City of Baltimore sent $1.5 million to scammer, Bridgestone targeted in cyberattack. The post In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked appeared first on SecurityWeek.
GPT-4o-mini Falls for Psychological Manipulation
Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024βs GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers created experimental prompts for both requests using each of seven different persuasion techniques (examples of which are included here): Authority: βI...
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module
North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks
The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure. The post North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks appeared first on SecurityWeek.
Under lock and key: Safeguarding business data with encryption
As the attack surface expands and the threat landscape grows more complex, itβs time to consider whether your data protection strategy is fit for purpose
More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach
Proofpoint, SpyCloud, Tanium, and Tenable confirmed that hackers accessed information stored in their Salesforce instances. The post More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach appeared first on SecurityWeek.
Automation Is Redefining Pentest Delivery
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methodsβstatic PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays,
Recent SAP S/4HANA Vulnerability Exploited in Attacks
A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild. The post Recent SAP S/4HANA Vulnerability Exploited in Attacks appeared first on SecurityWeek.
VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as a
Sitecore Zero-Day Sparks New Round of ViewState Threats
The vulnerability marks the latest example of threat actors weaponizing exposed ASP.NET machine keys for remote injection and deserialization attacks.
Bridgestone Americas Confirms Cyberattack
Reports of disruptions at North American plants emerged earlier this week, though the nature of the attack on the tire manufacturer remains unclear.
Chinese Hackers Game Google to Boost Gambling Sites
New threat actor "GhostRedirector" is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites.
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate
The Nonprofit organization launched the Threat Handling Foundations Certificate amid mounting incident and breach disclosures.
ISC2 Aims to Bridge DFIR Skills Gap With New Certificate
The nonprofit training organization's new program addresses digital forensics, incident management, and network threat hunting.
Phishing Empire Runs Undetected on Google, Cloudflare
What's believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years.
Czech Warning Highlights China Stealing User Data
Czech cyber agency NΓKIB warned of the risks of using products and software that send data back to China.
Russian APT28 Deploys βNotDoorβ Outlook Backdoor Against Companies in NATO Countries
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word," S2 Grupo's LAB52 threat intelligence team said. "When such an email is
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS) module
AI can help track an ever-growing body of vulnerabilities, CISA official says
Artificial intelligence was a recurring theme among federal leaders who spoke at a GDIT event held Thursday. The post AI can help track an ever-growing body of vulnerabilities, CISA official says appeared first on CyberScoop.
Sitecore zero-day vulnerability springs up from exposed machine key
The actively exploited defect, triggered by an attackerβs use of a publicly available sample machine key, underscores the vendor and customersβ poor configuration practices. The post Sitecore zero-day vulnerability springs up from exposed machine key appeared first on CyberScoop.
Blast Radius of Salesloft Drift Attacks Remains Uncertain
Many high-profile Salesloft Drift customers have disclosed data breaches as a result of a recent supply chain attack, but the extent and severity of this campaign are unclear.
UltraViolet Expands AppSec Capabilities With Black Duck's Testing Business
The addition of Black Duck's application security testing offering to UltraViolet Cyber's portfolio helps security teams find and remediate issues earlier in the security lifecycle.
Why Threat Hunting Should Be Part of Every Security Program
The more you hunt, the more you learn.
How Gray-Zone Hosting Companies Protect Data the US Wants Erased
The digital refuge: Abortion clinics, activist groups, and other organizations are turning to overseas hosting providers willing to keep their data β and their work β safe.
AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products
An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution. The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek.
US Offers $10 Million for Three Russian Energy Firm Hackers
Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries. The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek.
Sola Security Raises $35M to Bring No-Code App Building to Cybersecurity Teams
The Israeli startupβs AI-powered no-code platform helps security teams design and deploy custom apps in minutesβtackling tool sprawl without heavy engineering. The post Sola Security Raises $35M to Bring No-Code App Building to Cybersecurity Teams appeared first on SecurityWeek.
Generative AI as a Cybercrime Assistant
Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government and religious institutions. Rather than encrypt the stolen information with traditional ransomware, the actor threatened to expose...