Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that
Published on: June 09, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Guardz Banks $56M Series B for All-in-One SMB Security
The Israeli company said the Series B raise was led by ClearSky and included equity stakes for new backer Phoenix Financial. The post Guardz Banks $56M Series B for All-in-One SMB Security appeared first on SecurityWeek.
Published on: June 09, 2025 | Source:React Native Aria Packages Backdoored in Supply Chain Attack
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack. The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.
Published on: June 09, 2025 | Source:Next-Gen Developers Are a Cybersecurity Powder Keg
AI coding tools promise productivity but deliver security problems, too. As developers embrace "vibe coding," enterprises face mounting risks from insecure code generation that security teams can't keep pace with.
Published on: June 09, 2025 | Source:Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems
Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials. The post Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems appeared first on SecurityWeek.
Published on: June 09, 2025 | Source:iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals
iVerify links iPhone crashes to sophisticated zero-click attacks via iMessage targeting individuals involved in politics in the EU and US. The post iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals appeared first on SecurityWeek.
Published on: June 09, 2025 | Source:China-Backed Hackers Target SentinelOne in 'PurpleHaze' Attack Spree
Known threat groups APT15 and UNC5174 unleashed attacks against SentinelOne and more than 70 other high-value targets, as part of ongoing cyber-espionage and other malicious activity involving ShadowPad malware.
Published on: June 09, 2025 | Source:โก Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks
Behind every security alert is a bigger story. Sometimes itโs a system being tested. Sometimes itโs trust being lost in quiet waysโthrough delays, odd behavior, or subtle gaps in control. This week, weโre looking beyond the surface to spot what really matters. Whether itโs poor design, hidden access, or silent misuse, knowing where to look can make all the difference. If you're responsible for
Published on: June 09, 2025 | Source:Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise
You donโt need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. Thatโs shadow IT. And today, itโs not just about unsanctioned apps, but also dormant accounts, unmanaged identities, over-permissioned SaaS
Published on: June 09, 2025 | Source:Unverified code is the next national security threat
Congress and federal agencies can take some simple steps to better protect open-source software. The post Unverified code is the next national security threat appeared first on CyberScoop.
Published on: June 09, 2025 | Source:New Way to Track Covertly Android Users
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to...
Published on: June 09, 2025 | Source:New Way to Covertly Track Android Users
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to...
Published on: June 09, 2025 | Source:US Seeks Forfeiture of $7.74M in Cryptocurrency Tied to North Korean IT Workers
The US is seeking the forfeiture of $7.74 million in cryptocurrency in frozen wallets tied to North Korean fake IT workers schemes. The post US Seeks Forfeiture of $7.74M in Cryptocurrency Tied to North Korean IT Workers appeared first on SecurityWeek.
Published on: June 09, 2025 | Source:Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prisonย
Kingsley Uchelue Utulu has been sentenced to more than 5 years in prison for his role in a scheme that involved hacking, fraud and identity theft. The post Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison appeared first on SecurityWeek.
Published on: June 09, 2025 | Source:Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies
President Trump says his new cybersecurity executive order amends problematic elements of Biden- and Obama-era executive orders. The post Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies appeared first on SecurityWeek.
Published on: June 09, 2025 | Source:OpenAI Bans ChatGPT Accounts Used by Russian, Iranian, and Chinese Hacker Groups
OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things. "The [Russian-speaking] actor used our models to assist with developing and refining
Published on: June 09, 2025 | Source:New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1
Published on: June 08, 2025 | Source:Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
Published on: June 08, 2025 | Source:Trump cyber executive order takes aim at prior orders, secure software, identity
President Donald Trump signed an executive order Friday that rolls back parts of two executive orders from the Biden and Obama administrations. The post Trump cyber executive order takes aim at prior orders, secure software, identity appeared first on CyberScoop.
Published on: June 06, 2025 | Source:Trump cyber executive order takes aim at prior orders, secure software, more
The administration has yet to release the text of the order, instead summarizing it in a fact sheet. The post Trump cyber executive order takes aim at prior orders, secure software, more appeared first on CyberScoop.
Published on: June 06, 2025 | Source:Friday Squid Blogging: Squid Run in Southern New England
Southern New England is having the best squid run in years. As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Published on: June 06, 2025 | Source:Cutting-Edge ClickFix Tactics Snowball, Pushing Phishing Forward
Several widespread ClickFix campaigns are underway, bent on delivering malware to business targets, and they represent a new level of phishing sophistication that defenders need to be prepared for, researchers warn.
Published on: June 06, 2025 | Source:Hearing on the Federal Government and AI
On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled โThe Federal Government in the Age of Artificial Intelligence.โ The other speakers mostly talked about how cool AI wasโand sometimes about how cool their own company wasโbut I was asked by the Democrats to specifically talk about DOGE and the risks of exfiltrating our data from government agencies and feeding it...
Published on: June 06, 2025 | Source:F5 Acquires Agentic AI Security Startup Fletch
Agentic AI technology will be integrated into the recently launched F5 Application Delivery and Security Platform.
Published on: June 06, 2025 | Source:Docuseries Explores Mental, Physical Hardships of CISOs
During "CISO: The Worst Job I Ever Wanted," several chief information security officers reveal how difficult it is to be in a role that, despite being around for decades, remains undefined.
Published on: June 06, 2025 | Source:New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users
Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a
Published on: June 06, 2025 | Source:Report on the Malicious Uses of AI
OpenAI just published its annual report on malicious uses of AI. By using AI as a force multiplier for our expert investigative teams, in the three months since our last report weโve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive employment schemes, covert influence operations and scams. These operations originated in many parts of the world, acted in...
Published on: June 06, 2025 | Source:Synthetic Data Is Here to Stay, but How Secure Is It?
Synthetic data offers organizations a way to develop AI while maintaining privacy compliance but requires careful management to prevent re-identification risks and ensure model accuracy.
Published on: June 06, 2025 | Source:Empower Users and Protect Against GenAI Data Loss
When generative AI tools became widely available in late 2022, it wasnโt just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before itโfile sharing, cloud storage and collaboration platformsโAI landed in
Published on: June 06, 2025 | Source:Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam
India's Central Bureau of Investigation (CBI) has revealed that it has arrested six individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of
Published on: June 06, 2025 | Source:MSFT-CrowdStrike 'Rosetta Stone' for Naming APTs: Meh?
Microsoft and CrowdStrike announced an effort to deconflict the overlapping names of threat groups and reduce confusion for companies, but we've been here before.
Published on: June 06, 2025 | Source:Cybersecurity M&A Roundup: 42 Deals Announced in May 2025
The number of cybersecurity-related merger and acquisition (M&A) announcements surged in May 2025. The post Cybersecurity M&A Roundup: 42 Deals Announced in May 2025 appeared first on SecurityWeek.
Published on: June 06, 2025 | Source:MIND Raises $30 Million for Data Loss Prevention
Data security firm MIND has raised $30 million in Series A funding to expand its R&D and go-to-market teams. The post MIND Raises $30 Million for Data Loss Prevention appeared first on SecurityWeek.
Published on: June 06, 2025 | Source:Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV
Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attackerโs mindset. This is where AEV comes in. AEV (Adversarial Exposure Validation) is an advanced
Published on: June 06, 2025 | Source:Destructive โPathWiperโ Targeting Ukraineโs Critical Infrastructure
A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine. The post Destructive โPathWiperโ Targeting Ukraineโs Critical Infrastructure appeared first on SecurityWeek.
Published on: June 06, 2025 | Source: