Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXFCC tightens rules on foreign firms building undersea cables, citing security
The agency said the cables responsible for powering that data explosion must be protected from acts of foreign sabotage. The post FCC tightens rules on foreign firms building undersea cables, citing security appeared first on CyberScoop.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Researchers Warn of 'Hidden Risks' in Passwordless Account Recovery
Passwordless authentication is becoming more common, but account recovery poses increased risks that can lead to account takeovers. It's especially dangerous because even low-skilled attackers can achieve success.
House lawmakers seek better tech for Commerce in fight against foreign powers
A bipartisan bill from Reps. Crow and Kean would give the Bureau of Industry and Security IT upgrades to help keep U.S. dual-use technologies away from Russia, China and others. The post House lawmakers seek better tech for Commerce in fight against foreign powers appeared first on CyberScoop.
Echo Chamber, Prompts Used to Jailbreak GPT-5 in 24 Hours
Researchers paired the jailbreaking technique with storytelling in an attack flow that used no inappropriate language to guide the LLM into producing directions for making a Molotov cocktail.
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks, and even decrypt encrypted traffic. Details of the vulnerabilities β dubbed 2TETRA:2BURST β were presented at the Black Hat USA
Utilities, Factories at Risk From Encryption Holes in Industrial Protocol
The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways.
Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls
Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks. The vulnerability in question is CVE-2025-32433 (CVSS score: 10.0), a missing authentication issue that could be abused by an
Announcing the winners of the 2025 CyberScoop 50 awards
Scoop News Group is thrilled to honor the standout winners of the 2025 CyberScoop 50 Awards, recognizing the leaders who protect our networks, data, and infrastructure while driving innovation across cybersecurity. Over three months, voters nationwide nominated and selected trailblazers who demonstrated exceptional dedication, creativity, and resilience. With more than 800,000 votes across five categories, [β¦] The post...
Chrome Sandbox Escape Earns Researcher $250,000
A researcher has been given the highest reward in Googleβs Chrome bug bounty program for a sandbox escape with remote code execution. The post Chrome Sandbox Escape Earns Researcher $250,000 appeared first on SecurityWeek.
Managing the Trust-Risk Equation in AI: Predicting Hallucinations Before They Strike
New physics-based research suggests large language models could predict when their own answers are about to go wrong β a potential game changer for trust, risk, and security in AI-driven systems. The post Managing the Trust-Risk Equation in AI: Predicting Hallucinations Before They Strike appeared first on SecurityWeek.
Will Secure AI Be the Hottest Career Path in Cybersecurity?
Securing AI systems represents cybersecurity's next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, regulatory requirements, and cross-functional demands.
Connex Credit Union Data Breach Impacts 172,000 People
Hackers targeted Connex, one of the largest credit unions in Connecticut, and likely stole files containing personal information. The post Connex Credit Union Data Breach Impacts 172,000 People appeared first on SecurityWeek.
β‘ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More
This week, cyber attackers are moving quickly, and businesses need to stay alert. Theyβre finding new weaknesses in popular software and coming up with clever ways to get around security. Even one unpatched flaw could let attackers in, leading to data theft or even taking control of your systems. The clock is tickingβif defenses arenβt updated regularly, it could lead to serious damage. The
Flaws in Major Automakerβs Dealership Systems Allowed Car Hacking, Personal Data Theft
A researcher has demonstrated how a platform used by over 1,000 dealerships in the US could have been used to hack cars. The post Flaws in Major Automakerβs Dealership Systems Allowed Car Hacking, Personal Data Theft appeared first on SecurityWeek.
6 Lessons Learned: Focusing Security Where Business Value Lives
The Evolution of Exposure Management Most security teams have a good sense of whatβs critical in their environment. Whatβs harder to pin down is whatβs business-critical. These are the assets that support the processes the business canβt function without. Theyβre not always the loudest or most exposed. Theyβre the ones tied to revenue, operations, and delivery. If one goes down, itβs more than a
Automatic License Plate Readers Are Coming to Schools
Fears around children is opening up a new market for automatic license place readers.
Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability
ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets
BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent ThreatsΒ
Eclypsium researchers have demonstrated a BadCam attack against Lenovo cameras, but others may be impacted as well. The post BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats appeared first on SecurityWeek.
Google Chrome Enterprise: Keeping Businesses Safe From Threats on the Web
Dark Reading's Terry Sweeney and Google Cloud Security's Jason Kemmerer discuss how organizations can secure the modern workplace with zero trust browser protection for remote and hybrid teams.
How Maclaren Racing Gets From the Browser to the Track
In a conversation with Dark Reading's Terry Sweeney, Dr. Lisa Jarman from McLaren Racing says cutting-edge innovation must coexist with rigorous security protocols.
WinRAR Zero-Day Under Active Exploitation β Update to Latest Version Immediately
The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files. "When extracting a file,
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON 33 security conference today. "As we
Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation
Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server. The vulnerability, tracked as CVE-2025-49760 (CVSS score: 3.5), has been described by the tech giant as a Windows Storage spoofing bug
Linux-Based Lenovo Webcamsβ Flaw Can Be Remotely Exploited for BadUSB Attacks
Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. "This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News. The
Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models
Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware. The vulnerabilities have been codenamed
Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems
Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions. Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable
Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking
Researchers showed how flaws in a busβ onboard and remote systems can be exploited by hackers for tracking, control and spying. The post Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking appeared first on SecurityWeek.
CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials
Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them. The 14 vulnerabilities, collectively named Vault Fault, affect CyberArk Secrets Manager, Self-Hosted, and
Friday Squid Blogging: New Vulnerability in Squid HTTP Proxy Server
In a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server.
DARPAβs AI Cyber Challenge reveals winning models for automated vulnerability discovery and patching
The initiative seeks to patch vulnerabilities in open-source code before they are exploited by would-be attackers. Now comes the hard part β putting the systems to the test in the real world. The post DARPAβs AI Cyber Challenge reveals winning models for automated vulnerability discovery and patching appeared first on CyberScoop.
KrebsOnSecurity in New βMost Wantedβ HBO Max Series
A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius KivimΓ€ki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients.
60 RubyGems Packages Steal Data From Annoying Spammers
A cybercrime antihero has been stealing and then reselling credentials from unsavory online characters. Their motives are questionable, but the schadenfreude is irresistible.
BigID Launches Shadow AI Discovery to Uncover Rogue Models and Risky AI Data
PwC Announces Addition of Morgan Adamski to Leadership of Cyber, Data & Technology Risk Platform