
Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce

Patch Tuesday: Adobe documents hundreds of bugs across multiple products and warns of code execution, feature bypass risks.

Published on: June 10, 2025 | Source: SecurityWeek

GitHub: How Code Provenance Can Prevent Supply Chain Attacks

Through artifact attestation and the SLSA framework, GitHub's Jennifer Schelkopf argues that at least some supply chain attacks can be stopped in their tracks.

Published on: June 10, 2025 | Source: Dark Reading

Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM). Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23. "Successful

Published on: June 10, 2025 | Source: The Hacker News

Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

Redmond warns that external control of a file name or path in WebDAV "allows an unauthorized attacker to execute code over a network."

Published on: June 10, 2025 | Source: SecurityWeek

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. "Low-code platforms such as

Published on: June 10, 2025 | Source: The Hacker News

House committee sets CISA budget cut at $135M, not Trump’s $495M

The move indicated at least some resistance to the president’s CISA reduction goal, but Democrats still said that was too steep for the agency’s fiscal 2026 funding legislation.

Published on: June 10, 2025 | Source: CyberScoop

United Natural Food's Operations Limp Through Cybersecurity Incident

It's unclear what kind of cyberattack occurred, but UNFI proactively took certain systems offline, which has disrupted the company's operations.

Published on: June 10, 2025 | Source: Dark Reading

FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware

The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware family called More_eggs. "By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before delivering phishing messages that lead to malware," the

Published on: June 10, 2025 | Source: The Hacker News

Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users

Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via fraudulent gaming websites. "Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background," Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan

Published on: June 10, 2025 | Source: The Hacker News

Poisoned npm Packages Disguised as Utilities Aim for System Wipeout

Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains.

Published on: June 10, 2025 | Source: Dark Reading

SSH Keys: The Most Powerful Credential You're Probably Ignoring

SSH keys enable critical system access but often lack proper management. This security blind spot creates significant risk through untracked, unrotated credentials that persist across your infrastructure.

Published on: June 10, 2025 | Source: Dark Reading

Hackers Stole 300,000 Crash Reports From Texas Department of Transportation

The Texas Department of Transportation has disclosed a data breach impacting the personal information included in 300,000 crash reports.

Published on: June 10, 2025 | Source: SecurityWeek

Swimlane Raises $45 Million for Security Automation Platform

Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation.

Published on: June 10, 2025 | Source: SecurityWeek

Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud

Security researchers uncover critical flaws and widespread misconfigurations in Salesforce’s industry-specific CRM solutions.

Published on: June 10, 2025 | Source: SecurityWeek

Critical Vulnerability Patched in SAP NetWeaver

SAP has fixed a critical NetWeaver vulnerability allowing attackers to bypass authorization checks and escalate their privileges.

Published on: June 10, 2025 | Source: SecurityWeek

The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier

Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks to an

Published on: June 10, 2025 | Source: The Hacker News

Sensitive Information Stolen in Sensata Ransomware Attack

Sensor manufacturer Sensata said a ransomware group had access to its network for more than a week and stole personal information.

Published on: June 10, 2025 | Source: SecurityWeek

Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account

Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher "brutecat," leverages an issue in the company's account recovery feature. That said, exploiting the vulnerability hinges on several moving parts,

Published on: June 10, 2025 | Source: The Hacker News

Exploited Vulnerability Impacts Over 80,000 Roundcube Servers

Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released.

Published on: June 10, 2025 | Source: SecurityWeek

Vulnerabilities Exposed Phone Number of Any Google User

Google has awarded $5,000 to a researcher who found security holes that enabled brute-forcing the phone number of any user.

Published on: June 10, 2025 | Source: SecurityWeek

Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises

The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries. "A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries," Kaspersky said. "The malicious functionality of the campaign

Published on: June 10, 2025 | Source: The Hacker News

Whole Foods Distributor United Natural Foods Hit by Cyberattack

United Natural Foods has taken some systems offline after detecting unauthorized activity on its IT systems, causing disruptions to operations.

Published on: June 10, 2025 | Source: SecurityWeek

CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-32433 (CVSS score: 10.0) - A missing authentication for a critical

Published on: June 10, 2025 | Source: The Hacker News

United Natural Foods, distributor for Whole Foods Market, hit by cyberattack

The incident follows a spree of ransomware and extortion attacks targeting multiple U.S.- and U.K.-based retailers, including grocery stores. The logistics company said its operations are impacted.

Published on: June 09, 2025 | Source: CyberScoop

New Trump Cybersecurity Order Reverses Biden, Obama Priorities

The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government's cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design.

Published on: June 09, 2025 | Source: Dark Reading

OpenAI Bans ChatGPT Accounts Linked to Nation-State Threat Actors

The AI company's investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employment schemes, social engineering, and cyber espionage.

Published on: June 09, 2025 | Source: Dark Reading

'Librarian Ghouls' Cyberattackers Strike at Night

Since at least December, the advanced persistent threat (APT) group has been using legit tools to steal data, dodge detection, and drop cryptominers on systems belonging to organizations in Russia.

Published on: June 09, 2025 | Source: Dark Reading

Gartner: How Security Teams Can Turn Hype Into Opportunity

During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture.

Published on: June 09, 2025 | Source: Dark Reading

SIEMs Missing the Mark on MITRE ATT&CK Techniques

CardinalOps' report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.

Published on: June 09, 2025 | Source: Dark Reading

Chinese Hackers and User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’

Foreign hackers have increasingly identified smartphones, other mobile devices and the apps they use as a weak link in U.S. cyberdefenses.

Published on: June 09, 2025 | Source: SecurityWeek

Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign

Anti-malware vendor said it spent the past twelve months deflecting a stream of network reconnaissance probes from China-nexus threat actors.

Published on: June 09, 2025 | Source: SecurityWeek

FBI veteran Brett Leatherman to lead Cyber division

Leatherman, a 22-year FBI veteran, has been heavily involved in cyber investigations as section chief and deputy assistant director over the past three years.

Published on: June 09, 2025 | Source: CyberScoop

Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group

The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors," SentinelOne security researchers Aleksandar

Published on: June 09, 2025 | Source: The Hacker News

Internet infamy drives The Com’s crime sprees

Unit 221B’s Allison Nixon said crackdowns have effectively shown the group that their actions carry real consequences.

Published on: June 09, 2025 | Source: CyberScoop