Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
The Critical Flaw in CVE Scoring
With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, without sacrificing innovation or productivity.
Published on: August 07, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Chanel Alerts Clients of Third-Party Breach
The fashion house is added to a list of other companies that have been impacted by similar breaches, including Tiffany & Co. and Louis Vuitton.
Published on: August 07, 2025 | Source:Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security
Published on: August 07, 2025 | Source:Black Hat USA 2025 β Summary of Vendor Announcements (Part 3)
Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2025 β Summary of Vendor Announcements (Part 3) appeared first on SecurityWeek.
Published on: August 07, 2025 | Source:Air France, KLM Say Hackers Accessed Customer Data
Airlines Air France and KLM have disclosed a data breach stemming from unauthorized access to a third-party platform. The post Air France, KLM Say Hackers Accessed Customer Data appeared first on SecurityWeek.
Published on: August 07, 2025 | Source:Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment
CISA and Microsoft have issued advisories for CVE-2025-53786, a high-severity flaw allowing privilege escalation in cloud environments. The post Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment appeared first on SecurityWeek.
Published on: August 07, 2025 | Source:China Accuses Nvidia of Putting Backdoors into Their Chips
The government of China has accused Nvidia of inserting a backdoor into their H20 chips: Chinaβs cyber regulator on Thursday said it had held a meeting with Nvidia over what it called βserious security issuesβ with the companyβs artificial intelligence chips. It said US AI experts had βrevealed that Nvidiaβs computing chips have location tracking and can remotely shut down the technology.β
Published on: August 07, 2025 | Source:The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense
Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden: Secure AI embedded in every part of the business. Use AI to defend faster and smarter. Fight AI-powered threats that execute in minutesβor seconds. Security
Published on: August 07, 2025 | Source:Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups
Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug. "In an Exchange hybrid deployment, an
Published on: August 07, 2025 | Source:6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view
Published on: August 07, 2025 | Source:SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. "We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the company said. "Instead, there is a significant correlation with threat activity related to CVE-2024-40766."
Published on: August 07, 2025 | Source:New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites
A desync attack method leveraging HTTP/1.1 vulnerabilities impacted many websites and earned researchers more than $200,000 in bug bounties. The post New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites appeared first on SecurityWeek.
Published on: August 07, 2025 | Source:Nigerian accused of hacking tax preparation businesses extradited to US
Prosecutors accuse Chukwuemeka Victor Amachukwu, who was arrested in France, of multiple fraud schemes, including tax refund fraud and identity theft. The post Nigerian accused of hacking tax preparation businesses extradited to US appeared first on CyberScoop.
Published on: August 07, 2025 | Source:Researcher Deploys Fuzzer to Test Autonomous Vehicle Safety
As autonomous vehicles continue to evolve, new research highlights the importance of rigorous security testing to protect against both intentional attacks and unintentional unsafe commands in teleoperation systems.
Published on: August 07, 2025 | Source:Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation
Zenity has shown how AI assistants such as ChatGPT, Copilot, Cursor, Gemini, and Salesforce Einstein can be abused using specially crafted prompts. The post Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation appeared first on SecurityWeek.
Published on: August 06, 2025 | Source:Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities
CyberArk has patched several vulnerabilities that could be chained for unauthenticated remote code execution. The post Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities appeared first on SecurityWeek.
Published on: August 06, 2025 | Source:Startup Spotlight: Twine Security Tackles the Execution Gap
The company, one of four finalists in this year's Black Hat USA Startup Spotlight competition, uses multi-agent system to build AI Digital Employees.
Published on: August 06, 2025 | Source:'ReVault' Security Flaws Impact Millions of Dell Laptops
The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.
Published on: August 06, 2025 | Source:Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft
Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the
Published on: August 06, 2025 | Source:VexTrio Cybercrime Outfit Run by Legit Ad Tech Firms
New research reveals that a malicious traffic distribution system (TDS) is run not by "hackers in hoodies," but by a series of corporations operating in the commercial digital advertising industry.
Published on: August 06, 2025 | Source:Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive
Published on: August 06, 2025 | Source:New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats
Itβs a βpivotalβ moment for Sean Cairncross, fresh off his Senate confirmation in a changing federal cyber landscape. The post New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats appeared first on CyberScoop.
Published on: August 06, 2025 | Source:Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights
Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.
Published on: August 06, 2025 | Source:Google Discloses Data Breach via Salesforce HackΒ
A Google Salesforce instance may have been targeted as part of a ShinyHunters campaign that hit several major companies. The post Google Discloses Data Breach via Salesforce Hack appeared first on SecurityWeek.
Published on: August 06, 2025 | Source:Attackers Exploit Critical Trend Micro Apex One Zero-Day Flaw
Two critical vulnerabilities affect the security vendor's management console, one of which is under active exploitation. The company has updated cloud-based products but won't have a patch for its on-premises version until mid-August.
Published on: August 06, 2025 | Source:PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins
Splunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion. The post PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins appeared first on SecurityWeek.
Published on: August 06, 2025 | Source:WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says
Meta linked these scams to a criminal scam center in Cambodia β and said it disrupted the campaign in partnership with ChatGPT maker OpenAI. The post WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says appeared first on SecurityWeek.
Published on: August 06, 2025 | Source:Trend Micro Patches Apex One Vulnerabilities Exploited in Wild
Trend Micro has rushed to fix two Apex One zero-days that may have been exploited by Chinese threat actors. The post Trend Micro Patches Apex One Vulnerabilities Exploited in Wild appeared first on SecurityWeek.
Published on: August 06, 2025 | Source:Microsoft Paid Out $17 Million in Bug Bounties in Past Year
Microsoft handed out $17 million in rewards to 344 security researchers through its bug bounty programs over the past year. The post Microsoft Paid Out $17 Million in Bug Bounties in Past Year appeared first on SecurityWeek.
Published on: August 06, 2025 | Source:What CMMC 3.0 Really Means for Government Contractors
The ultimate goal of CMMC 3.0 is not just compliance β it's resilience.
Published on: August 06, 2025 | Source:What 'CMMC 3.0' Really Means for Government Contractors
The ultimate goal is not just compliance β it's resilience.
Published on: August 06, 2025 | Source:Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities
An AI extension to the Ox Security platform automatically generates organization specific code to fix vulnerabilities in the codebase. The post Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities appeared first on SecurityWeek.
Published on: August 06, 2025 | Source:Phishers Abuse Microsoft 365 to Spoof Internal Users
The "Direct Send" feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defender and third-party secure email gateways.
Published on: August 06, 2025 | Source:Over 1 Million Impacted by DaVita Data Breach
DaVita has notified over 1 million individuals that their personal and health information was stolen in a ransomware attack. The post Over 1 Million Impacted by DaVita Data Breach appeared first on SecurityWeek.
Published on: August 06, 2025 | Source:Who Got Arrested in the Raid on the XSS Crime Forum?
On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS,a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in...
Published on: August 06, 2025 | Source: