Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Cyberattacks on Humanitarian Orgs Jump Worldwide
These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.
Published on: June 13, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
TeamFiltration Abused in Entra ID Account Takeover Campaign
Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts. The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.
Published on: June 13, 2025 | Source:Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday
Industry professionals comment on the Trump administration’s new executive order on cybersecurity. The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.
Published on: June 13, 2025 | Source:Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. "This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp
Published on: June 13, 2025 | Source:SimpleHelp Vulnerability Exploited Against Utility Billing Software Users
CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers. The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.
Published on: June 13, 2025 | Source:CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
Introduction: Security at a Tipping Point Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today’s threat landscape doesn’t play by those rules. The sheer volume of telemetry, overlapping tools, and automated alerts has pushed traditional SOCs to the edge. Security teams are overwhelmed,
Published on: June 13, 2025 | Source:Paragon Spyware Used to Spy on European Journalists
Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists that consented for the...
Published on: June 13, 2025 | Source:Fog Ransomware Attack Employs Unusual Tools
Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41. The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek.
Published on: June 13, 2025 | Source:Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking
Mitel has announced patches for a MiCollab path traversal vulnerability that can be exploited remotely without authentication. The post Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking appeared first on SecurityWeek.
Published on: June 13, 2025 | Source:Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption
Trend Micro patches critical-severity Apex Central and Endpoint Encryption PolicyServer flaws leading to remote code execution. The post Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption appeared first on SecurityWeek.
Published on: June 13, 2025 | Source:ZeroRISC Raises $10 Million for Open Source Silicon Security Solutions
ZeroRISC has raised $10 million in seed funding for production-grade open source silicon security, built on OpenTitan designs. The post ZeroRISC Raises $10 Million for Open Source Silicon Security Solutions appeared first on SecurityWeek.
Published on: June 13, 2025 | Source:Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1,
Published on: June 13, 2025 | Source:Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than...
Published on: June 12, 2025 | Source:Researchers Detail Zero-Click Copilot Exploit 'EchoLeak'
Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.
Published on: June 12, 2025 | Source:New COPPA Rules to Take Effect Over Child Data Privacy Concerns
New regulations and compliance standards for the Children's Online Privacy Protection Act reflect how much technology has grown since the Federal Trade Commission last updated it in 2013.
Published on: June 12, 2025 | Source:Hacking the Hackers: When Bad Guys Let Their Guard Down
A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers and defenders.
Published on: June 12, 2025 | Source:Predator spyware activity surfaces in new places with new tricks
The spyware’s developer, Intellexa, has been under pressure due to sanctions and public disclosure, but Recorded Future uncovered fresh activity. The post Predator spyware activity surfaces in new places with new tricks appeared first on CyberScoop.
Published on: June 12, 2025 | Source:WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute malicious content. "VexTrio is a group of malicious adtech companies that distribute scams and harmful software via
Published on: June 12, 2025 | Source:Airlines Secretly Selling Passenger Data to the Government
This is news: A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight...
Published on: June 12, 2025 | Source:Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones
Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims. The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on SecurityWeek.
Published on: June 12, 2025 | Source:The AI Arms Race: Deepfake Generation vs. Detection
AI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up. The post The AI Arms Race: Deepfake Generation vs. Detection appeared first on SecurityWeek.
Published on: June 12, 2025 | Source:Foundations of Cybersecurity: Reassessing What Matters
To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands.
Published on: June 12, 2025 | Source:New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change. "The TokenBreak attack targets a text classification model's tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented
Published on: June 12, 2025 | Source:Paragon spyware found on the phones of Euro journos
They’re the first confirmed cases of Paragon spyware on Apple products, according to Citizen Lab. The post Paragon spyware found on the phones of Euro journos appeared first on CyberScoop.
Published on: June 12, 2025 | Source:AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention. Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background. And here’s
Published on: June 12, 2025 | Source:Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior
Hirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data. The post Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior appeared first on SecurityWeek.
Published on: June 12, 2025 | Source:New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches
The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data. The post New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek.
Published on: June 12, 2025 | Source:Webcast Video: Rethinking Endpoint Hardening for Today’s Attack Landscape
Learn how attackers hide in plain sight—and what you can do to stop them without slowing down your business. The post Webcast Video: Rethinking Endpoint Hardening for Today’s Attack Landscape appeared first on SecurityWeek.
Published on: June 12, 2025 | Source:Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365) Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been
Published on: June 12, 2025 | Source:‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot
Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot. The post ‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot appeared first on SecurityWeek.
Published on: June 12, 2025 | Source:Non-Human Identities: How to Address the Expanding Security Risk
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap. Enterprises are Losing Track of Their Machine Identities Machine identities–service
Published on: June 12, 2025 | Source:The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy. The post The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce appeared first on SecurityWeek.
Published on: June 12, 2025 | Source:ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns. The company said it's doing so "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
Published on: June 12, 2025 | Source:Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts. The activity, codenamed UNK_SneakyStrike by Proofpoint, has targeted over 80,000 user accounts across hundreds of organizations' cloud tenants since a surge in
Published on: June 12, 2025 | Source:Digital rights groups sound alarm on Stop CSAM Act
The organizations say a reintroduced version of the bill would “break” encryption for most Americans and make it impossible for end-to-end encrypted service providers to avoid lawsuits. The post Digital rights groups sound alarm on Stop CSAM Act appeared first on CyberScoop.
Published on: June 12, 2025 | Source: