Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Matthew Lane pleaded guilty to crimes stemming from attacks on PowerSchool and a U.S. telecom company earlier this year. His sentence is half the amount prosecutors sought in the case. The post PowerSchool hacker sentenced to 4 years in prison appeared first on CyberScoop.
The cyber-espionage group has been using sophisticated custom tools to target government and diplomatic entities in South Asia since early 2025.
F5 disclosed a breach this week that included zero-day bugs, source code, and some customer information.
Cyber authorities issued their second emergency directive in three weeks. This one requires agencies to mitigate or disconnect potentially compromised F5 devices and services. The post CISA warns of imminent risk posed by thousands of F5 products in federal agencies appeared first on CyberScoop.
A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group's expansion to the country beyond Southeast Asia and South America. The activity, which took place from January to May 2025, has been attributed by Broadcom-owned Symantec to a threat actor it tracks as Jewelbug, which it said overlaps with
Premier industrial cybersecurity conference offers 70+ sessions, five training courses, and an ICS Village CTF competition. The post SecurityWeek to Host 2025 ICS Cybersecurity Conference October 27-30 in Atlanta appeared first on SecurityWeek.
U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. It attributed the activity to a "highly sophisticated nation-state threat actor," adding the adversary maintained long-term, persistent access to its network. The
The Clop ransomware group claimed responsibility for stealing the university's data as part of a broader campaign against Oracle customers.
F5 shared few details on the threat actor, but the attack profile seems to point to China. The post F5 Says Nation-State Hackers Stole Source Code and Vulnerability Data appeared first on SecurityWeek.
F5, a company that specializes in application security and delivery technology, disclosed Wednesday that it had been the target of what it's calling a "highly sophisticated" cyberattack, which it attributes to a nation-state actor. The announcement follows authorization from the U.S. Department of Justice, which allowed F5 to delay public disclosure of the breach under […] The post F5 discloses breach tied to...
Get practical guidance to protect APIs against the threats attackers are using right now. The post Webinar Today: Fact vs. Fiction – The Truth About API Security appeared first on SecurityWeek.
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. "A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,"
After being named by Discord as the third-party responsible for the breach, 5CA said none of its systems were involved. The post Customer Service Firm 5CA Denies Responsibility for Discord Data Breach appeared first on SecurityWeek.
TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure. Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong
Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we're announcing the next major chapter for Apple Security Bounty, featuring the industry's highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards. We're doubling our top award to $2 million for exploit chains that can...
Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enrolled in the Extended Security Updates (ESU) program. Of the 183 vulnerabilities, eight of them are non-Microsoft
Organizations across the continent saw 10% fewer attacks in September, but Africa remains the most attacked region in the world, leading the Global South.
Fortinet and Ivanti have announced their October 2025 Patch Tuesday updates, which patch many vulnerabilities across their products. The post High-Severity Vulnerabilities Patched by Fortinet and Ivanti appeared first on SecurityWeek.
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges. The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system. "The vulnerabilities affect Red Lion SixTRAK and VersaTRAK
Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-2611 (CVSS score: 9.3), relates to improper input validation that can result in unauthenticated remote code execution due to the fact that the call center
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization. "Due to a deserialization vulnerability in SAP NetWeaver, an
Adobe has published a dozen security advisories detailing over 35 vulnerabilities across its product portfolio. The post Adobe Patches Critical Vulnerability in Connect Collaboration Suite appeared first on SecurityWeek.
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for...
October 2025's enormous Patch Tuesday offers plenty of nightmares for admins, including actively exploited zero-days and insidious high-severity privilege-escalation bugs – and it spells curtains for Windows 10 updates.
Rep. Eric Swalwell, D-Calif., sent a letter Tuesday to acting CISA Director Madhu Gottumukkala raising concerns about staffing levels and the direction of the nation's primary cybersecurity agency, writing that the "Trump Administration has undertaken multiple efforts to decimate CISA's workforce, undermining our nation's cybersecurity." Swalwell, the ranking member on the House Homeland Security Subcommittee […] The...
Chinese APT threat actors compromised an organization's ArcGIS server, modifying the widely used geospatial mapping software for stealth access.
The proof-of-concept exploit allows an attacker to steal sensitive data from Gmail, Google Accounts, Google Authenticator, Google Maps, Signal, and Venmo.
Using commercially available equipment, researchers scanned 39 satellites and observed sensitive, encrypted communications from telecoms, businesses and the U.S. military. The post Researchers find a startlingly cheap way to steal your secrets from space appeared first on CyberScoop.
The tech giant addressed a record-high number of defects for the year in its latest update. The post Microsoft's Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days appeared first on CyberScoop.
The cryptocurrency seizure and sanctions targeting the Prince Group, associates and affiliated businesses mark the most extensive action taken against cybercrime operations in the region to date. The post Officials crack down on Southeast Asia cybercrime networks, seize $15B appeared first on CyberScoop.
Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According to the U.S. government, it's assessed to be a publicly-traded
This is a current list of where and when I am scheduled to speak: Nathan E. Sanders and I will be giving a book talk on Rewiring Democracy at the Harvard Kennedy School's Ash Center in Cambridge, Massachusetts, USA, on October 22, 2025, at noon ET. Nathan E. Sanders and I will be speaking and signing books at the Cambridge Public Library in Cambridge, Massachusetts, USA, on October 22, 2025, at 6:00 PM ET. The event is...
For Cybereason, the acquisition bookends a turbulent seven-year period that saw the company swing from near-IPO status to dramatic valuation declines and multiple restructurings. The post LevelBlue to acquire Cybereason in latest cybersecurity industry consolidation appeared first on CyberScoop.
This is LevelBlue's third acquisition this year, after Trustwave and Aon's Cybersecurity & IP Litigation Consulting groups. The post Cybereason to be Acquired by MSSP Giant LevelBlue appeared first on SecurityWeek.
Resistant AI will use the funding to expand its fraud detection and transaction monitoring offerings to new markets. The post Fraud Prevention Firm Resistant AI Raises $25 Million appeared first on SecurityWeek.