A threat actor is abusing Cloudflare Tunnels for the delivery of a Python loader as part of a complex infection chain. The post Cloudflare Tunnels Abused in New Malware Campaign appeared first on SecurityWeek.
Published on: June 20, 2025 | Source:

Krispy Kreme is sharing more information on the data breach resulting from the ransomware attack targeting the company in 2024. The post 161,000 People Impacted by Krispy Kreme Data Breach appeared first on SecurityWeek.
Published on: June 20, 2025 | Source:

Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead. The activity, codenamed Banana Squad by ReversingLabs, is assessed to be a continuation of a rogue Python campaign that was identified in 2023 as targeting the Python Package
Published on: June 20, 2025 | Source:

Personal data of former and current council workers, including election staff, may have been accessed by hackers. The post Hackers Access Legacy Systems in Oxford City Council Cyberattack appeared first on SecurityWeek.
Published on: June 20, 2025 | Source:

Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns. "Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns," PRODAFT said in a report
Published on: June 19, 2025 | Source:

Israel-linked Predatory Sparrow hackers torched more than $90 million at Iran's largest cryptobank as Israel-Iran cyberwar escalates. The post Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War appeared first on SecurityWeek.
Published on: June 19, 2025 | Source:

Instead of constantly fixing security vulnerabilities, organizations should proactively build secure foundations that enable businesses to move faster while reducing risk.
Published on: June 19, 2025 | Source:

In a new wrinkle on the tech support scam front, these search parameter injection attacks dupe victims into believing they are receiving technical help when they are actually speaking to fraudsters.
Published on: June 19, 2025 | Source:

An unnamed customer of Paragon's Graphite product used the commercial spyware to target at least two prominent European journalists in recent months.
Published on: June 19, 2025 | Source:

Trend Micro and ReversingLabs uncovered over 100 GitHub accounts distributing malware embedded in open source hacking tools. The post New Campaigns Distribute Malware via Open Source Hacking Tools appeared first on SecurityWeek.
Published on: June 19, 2025 | Source:

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received a
Published on: June 19, 2025 | Source:

DALL-E for coders? That's the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect test performance. A detailed analysis of secure vibe coding practices is available here. TL;DR: Secure
Published on: June 19, 2025 | Source:

Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and under what rules that video is used and reused will be a continuing source of debate.
Published on: June 19, 2025 | Source:

A ransomware group has claimed the theft of millions of files from procurement service provider Chain IQ and 19 other companies. The post Chain IQ, UBS Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Published on: June 19, 2025 | Source:

After decades of failed attempts to access encrypted communications, governments are shifting from persuasion to coercion - security experts say the risks are too high. The post Encryption Backdoors: The Security Practitioners' View appeared first on SecurityWeek.
Published on: June 19, 2025 | Source:

Krispy Kreme is sending notifications to thousands of people impacted by the data breach that came to light at the end of 2024. The post Krispy Kreme Confirms Data Breach After Ransomware Attack appeared first on SecurityWeek.
Published on: June 19, 2025 | Source:

In a rapidly changing AI environment, CISOs are worried about investing in the wrong solution or simply not investing because they can't decide what the best option is. The post Choosing a Clear Direction in the Face of Growing Cybersecurity Demands appeared first on SecurityWeek.
Published on: June 19, 2025 | Source:

Most cyberattacks today don't start with loud alarms or broken firewalls. They start quietly - inside tools and websites your business already trusts. It's called "Living Off Trusted Sites" (LOTS) - and it's the new favorite strategy of modern attackers. Instead of breaking in, they blend in. Hackers are using well-known platforms like Google, Microsoft, Dropbox, and Slack as launchpads. They hide
Published on: June 19, 2025 | Source:

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims' emails. Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen Lab, stating the activity
Published on: June 19, 2025 | Source:

A hacker is selling allegedly valuable data stolen from Scania, but the truck maker believes impact is very limited. The post Swedish Truck Giant Scania Investigating Hack appeared first on SecurityWeek.
Published on: June 19, 2025 | Source:

Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook. "Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post. Support for passkeys is expected to be available "soon" on Android and iOS mobile devices. The feature is
Published on: June 19, 2025 | Source:

As Iran closes its cyberspace to the outside world, hacktivists are picking sides, while attacks against Israel surge and spread across the region.
Published on: June 19, 2025 | Source:

Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions. The vulnerabilities, discovered by Qualys, are listed below - CVE-2025-6018 - LPE from unprivileged to allow_active in SUSE 15's Pluggable Authentication Modules (PAM) CVE-2025-6019 - LPE from allow_active to root in
Published on: June 19, 2025 | Source:

OpenAI intends to help streamline the Defense Department's administrative processes using artificial intelligence.
Published on: June 18, 2025 | Source:

Many cybersecurity professionals still don't feel comfortable admitting when they need a break. Yet their pressures continue to expand and evolve, often leading to burnout and organizational risks.
Published on: June 18, 2025 | Source:

The Android malware is targeting Turkish financial institutions, completely taking over legitimate banking and crypto apps by creating an isolated virtualized environment on a device.
Published on: June 18, 2025 | Source:

Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords. The post Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse appeared first on SecurityWeek.
Published on: June 18, 2025 | Source:

Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords. The post Russian Hackers Bypass Gmail MFA with App Specific Password Ruse appeared first on SecurityWeek.
Published on: June 18, 2025 | Source:

A $90 million crypto theft from Nobitex marks the second cyberattack on Iran's financial systems in as many days. Predatory Sparrow claimed responsibility for both attacks. The post Iran's financial sector takes another hit as largest crypto exchange is targeted appeared first on CyberScoop.
Published on: June 18, 2025 | Source:

Misconfigured permissions in Google's Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects. The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek.
Published on: June 18, 2025 | Source:

They weren't in any hurry, according to Citizen Lab, and used an interesting attack vector. Google Threat Intelligence Group also provided details on the attacks. The post Unusually patient suspected Russian hackers pose as State Department in "sophisticated" attacks on researchers appeared first on CyberScoop.
Published on: June 18, 2025 | Source:

Concerned by rapidly evolving evasion tactics, the new Jitter-Trap tool from Varonis aims to help organizations detect beacons that help attackers establish communication inside a victim network.
Published on: June 18, 2025 | Source:

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix. It leverages "the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated
Published on: June 18, 2025 | Source:

The variations seem to be endless. Here's a fake ghostwriting scam that seems to be making boatloads of money. This is a big story about scams being run from Texas and Pakistan estimated to run into tens if not hundreds of millions of dollars, viciously defrauding Americans with false hopes of publishing bestseller books (a scam you'd not think many people would fall for but is surprisingly huge). In January, three...
Published on: June 18, 2025 | Source: