Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Friday Squid Blogging: What to Do When You Find a Squid βEgg Mopβ
Tips on what to do if you find a mop of squid eggs. As usual, you can also use this squid post to talk about the security stories in the news that I havenβt covered. Blog moderation policy.
Published on: June 27, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Top Apple, Google VPN Apps May Help China Spy on Users
Apple and Google espouse strong values about data privacy, but they allow programs from a Big Brother state to thrive on their app stores, researchers allege.
Published on: June 27, 2025 | Source:Slavery, torture, human trafficking discovered at 53 Cambodian online scamming compounds
Pig butchering scams were the most common activity carried out at the facilities identified in the Amnesty International investigation. The post Slavery, torture, human trafficking discovered at 53 Cambodian online scamming compounds appeared first on CyberScoop.
Published on: June 27, 2025 | Source:Microsoft security updates address CrowdStrike crash, kill βBlue Screen of Deathβ
Third-party antivirus software will no longer have access to the Windows kernel as Microsoft rolls out changes to reduce IT downtime from unexpected crashes or disruptions. The post Microsoft security updates address CrowdStrike crash, kill βBlue Screen of Deathβ appeared first on CyberScoop.
Published on: June 27, 2025 | Source:Scattered Spider strikes again? Aviation industry appears to be next target for criminal group
Hawaiian Airlines announced a cybersecurity incident Friday as security experts warned of a sector-wide threat. The post Scattered Spider strikes again? Aviation industry appears to be next target for criminal group appeared first on CyberScoop.
Published on: June 27, 2025 | Source:'CitrixBleed 2' Shows Signs of Active Exploitation
If exploited, the critical vulnerability allows attackers to maintain access for longer periods of time than the original CitrixBleed flaw, all while remaining undetected.
Published on: June 27, 2025 | Source:Scattered Spider Taps CFO Credentials in 'Scorched Earth' Attack
In a recent intrusion, the notorious cybercriminal collective accessed CyberArk vaults and obtained more 1,400 secrets, subverted Azure, VMware, and Snowflake environments, and for the first known time, actively fought back against incident response teams.
Published on: June 27, 2025 | Source:Windowsβ Infamous βBlue Screen of Deathβ Will Soon Turn Black
After more than 40 years of being set against a very recognizable blue, the updated error message will soon be displayed across a black background. The post Windowsβ Infamous βBlue Screen of Deathβ Will Soon Turn Black appeared first on SecurityWeek.
Published on: June 27, 2025 | Source:Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard's STRIKE team. "The LapDogs network has a high concentration of victims
Published on: June 27, 2025 | Source:Hackers Make Hay? Smart Tractors Vulnerable to Full Takeover
Hackers can spy on tens of thousands of connected tractors in the latest IoT threat, and brick them too, thanks to poor security in an aftermarket steering system.
Published on: June 27, 2025 | Source:In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update
Noteworthy stories that might have slipped under the radar: Norwegian dam hacked, AT&T agrees to $177 million data breach settlement, Whole Foods distributor restores systems after attack. The post In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update appeared first on SecurityWeek.
Published on: June 27, 2025 | Source:Vulnerability Debt: How Do You Put a Price on What to Fix?
Putting a vulnerability debt figure together involves work, but having vulnerability debt figures lets you measure real-world values against your overall security posture.
Published on: June 27, 2025 | Source:PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack
A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama,
Published on: June 27, 2025 | Source:US Falling Behind China in Exploit Production
Cyber operations have become critical to national security, but the United States has fallen behind in one significant area β exploit production βwhile China has built up a significant lead.
Published on: June 27, 2025 | Source:Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike OutageΒ
Microsoft is preparing a private preview of new Windows endpoint security platform capabilities to help antimalware vendors create solutions that run outside the kernel. The post Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage appeared first on SecurityWeek.
Published on: June 27, 2025 | Source:The Age of Integrity
We need to talk about data integrity. Narrowly, the term refers to ensuring that data isnβt tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks. More broadly, integrity refers to ensuring that data is correct and accurate from the point it...
Published on: June 27, 2025 | Source:Business Case for Agentic AI SOC Analysts
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Todayβs security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all
Published on: June 27, 2025 | Source:Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor.
Published on: June 27, 2025 | Source:RevEng.ai Raises $4.15 Million to Secure Software Supply Chain
RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software. The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek.
Published on: June 27, 2025 | Source:Chinese Hackers Target Chinese Users With RAT, Rootkit
China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit. The post Chinese Hackers Target Chinese Users With RAT, Rootkit appeared first on SecurityWeek.
Published on: June 27, 2025 | Source:Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability
The Citrix NetScaler vulnerability tracked as CitrixBleed 2 and CVE-2025β5777 may be exploited in the wild for initial access. The post Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability appeared first on SecurityWeek.
Published on: June 27, 2025 | Source:Vulnerability Exposed All Open VSX Repositories to Takeover
A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository. The post Vulnerability Exposed All Open VSX Repositories to Takeover appeared first on SecurityWeek.
Published on: June 27, 2025 | Source:Microsoft 365 Direct Send Abused for Phishing
Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls. The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek.
Published on: June 27, 2025 | Source:MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025βsuggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data
Published on: June 27, 2025 | Source:OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious," Trellix researchers Nico Paulo
Published on: June 27, 2025 | Source:'Cyber Fattah' Hacktivist Group Leaks Saudi Games Data
As tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape.
Published on: June 27, 2025 | Source:'IntelBroker' Suspect Arrested, Charged in High-Profile Breaches
A British national arrested earlier this year in France was charged by the US Department of Justice in connection with a string of major cyberattacks.
Published on: June 26, 2025 | Source:Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control
Published on: June 26, 2025 | Source:Bipartisan Bill Aims to Block Chinese AI From Federal Agencies
The proposal seeks to ban all use of the technology in the U.S. government, with exceptions for use in research and counterterrorism efforts. The post Bipartisan Bill Aims to Block Chinese AI From Federal Agencies appeared first on SecurityWeek.
Published on: June 26, 2025 | Source:Notorious cybercriminal βIntelBrokerβ arrested in France, awaits extradition to US
Kai West, a 25-year-old British national, is accused of stealing data from more than 40 organizations during a two-year spree. The post Notorious cybercriminal βIntelBrokerβ arrested in France, awaits extradition to US appeared first on CyberScoop.
Published on: June 26, 2025 | Source:[Virtual Event] Strategic Security for the Modern Enterprise
Published on: June 26, 2025 | Source:
How Geopolitical Tensions Are Shaping Cyber Warfare
In today's cyber battlefield, resilience starts with readiness, and the cost of falling short increases by the day.
Published on: June 26, 2025 | Source:Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is
Published on: June 26, 2025 | Source:New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even
Published on: June 26, 2025 | Source:Man Who Hacked Organizations to Advertise Security Services Pleads Guilty
Nicholas Michael Kloster has pleaded guilty to computer hacking after targeting at least two organizations. The post Man Who Hacked Organizations to Advertise Security Services Pleads Guilty appeared first on SecurityWeek.
Published on: June 26, 2025 | Source: