Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Iranian APT 'BladedFeline' Hides in Network for 8 Years
ESET published research on the Iranian APT "BladedFeline," which researchers believe is a subgroup of the cyber-espionage entity APT34.
Published on: June 05, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
China Issues Warrants for Alleged Taiwanese Hackers and Bans a Business for Pro-Independence Links
China issued warrants for 20 Taiwanese people it said carried out hacking missions in the Chinese mainland on behalf of the islandβs ruling party. The post China Issues Warrants for Alleged Taiwanese Hackers and Bans a Business for Pro-Independence Links appeared first on SecurityWeek.
Published on: June 05, 2025 | Source:Cybersecurity Training in Africa Aims to Bolster Professionals' Ranks
The United Nations, Carnegie Mellon University, and private organizations are all aiming to train the next generation of cybersecurity experts, boost economies, and disrupt pipelines to armed groups.
Published on: June 05, 2025 | Source:Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability. "A
Published on: June 05, 2025 | Source:Feds seize 145 domains associated with BidenCash cybercrime platform
The cybercrime marketplace was used by more than 117,000 customers and trafficked more than 15 million credit card numbers since March 2022, the Justice Department said. The post Feds seize 145 domains associated with BidenCash cybercrime platform appeared first on CyberScoop.
Published on: June 04, 2025 | Source:Vibe coding is here to stay. Can it ever be secure?Β
Research shows that AI-generated code is remarkably insecure. Yet experts tell CyberScoop it's up to industry to figure out a way to limit the issues the technology introduces. The post Vibe coding is here to stay. Can it ever be secure? appeared first on CyberScoop.
Published on: June 04, 2025 | Source:Vishing Crew Targets Salesforce Data
A group that Google is tracking as UNC6040 has been tricking users at many organizations into installing a malicious version of a Salesforce app to gain access and steal data from the platform.
Published on: June 04, 2025 | Source:Salesforce customers duped by series of social-engineering attacks
Google Threat Intelligence Group said about 20 organizations have been hit by a cybercrime group it tracks as UNC6040. The post Salesforce customers duped by series of social-engineering attacks appeared first on CyberScoop.
Published on: June 04, 2025 | Source:How Neuroscience Can Help Us Battle 'Alert Fatigue'
By understanding the neurological realities of human attention, organizations can build more sustainable security operations that protect not only their digital assets but also the well-being of those who defend them.
Published on: June 04, 2025 | Source:Researchers Bypass Deepfake Detection With Replay Attacks
An international group of researchers found that simply rerecording deepfake audio with natural acoustics in the background allows it to bypass detection models at a higher-than-expected rate.
Published on: June 04, 2025 | Source:Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App
Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing (aka vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with
Published on: June 04, 2025 | Source:Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data
Malicious RubyGems pose as a legitimate plug-in for the popular Fastlane rapid development platform in a geopolitically motivated attack with global supply chain reach.
Published on: June 04, 2025 | Source:Google Warns of Vishing, Extortion Campaign Targeting Salesforce Customers
A financially motivated threat actor employing vishing to compromise Salesforce customers, and extort them. The post Google Warns of Vishing, Extortion Campaign Targeting Salesforce Customers appeared first on SecurityWeek.
Published on: June 04, 2025 | Source:Beware of Device Code Phishing
Hackers are exploiting trusted authentication flows β like Microsoft Teams and IoT logins β to trick users into handing over access tokens, bypassing MFA and slipping undetected into corporate networks.
Published on: June 04, 2025 | Source:Going Into the Deep End: Social Engineering and the AI Flood
AI is transforming the cybersecurity landscapeβempowering attackers with powerful new tools while offering defenders a chance to fight back. But without stronger awareness and strategy, organizations risk falling behind. The post Going Into the Deep End: Social Engineering and the AI Flood appeared first on SecurityWeek.
Published on: June 04, 2025 | Source:Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments. "Chaos RAT is an open-source RAT written in
Published on: June 04, 2025 | Source:Your SaaS Data Isn't Safe: Why Traditional DLP Solutions Fail in the Browser Era
Traditional data leakage prevention (DLP) tools aren't keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks
Published on: June 04, 2025 | Source:Compyl Raises $12 Million for GRC Platform
Compyl has raised $12 million in a Series A funding round that will be invested in go-to-market initiatives, hirings, and GRC platform expansion. The post Compyl Raises $12 Million for GRC Platform appeared first on SecurityWeek.
Published on: June 04, 2025 | Source:The Ramifications of Ukraineβs Drone Attack
You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare: If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the Pakistanis with Indian air bases? Or the North Koreans with South Korean air bases? Militaries that thought they had secured...
Published on: June 04, 2025 | Source:Webinar Today: Redefining Vulnerability Management With Exposure Validation
Learn why your security controls matter more than theoretical risk scores and how exposure validation helps slash massive patch lists down to the few vulnerabilities that truly demand action. The post Webinar Today: Redefining Vulnerability Management With Exposure Validation appeared first on SecurityWeek.
Published on: June 04, 2025 | Source:Victoriaβs Secret Says It Will Postpone Earnings Report After Recent Security Breach
Victoriaβs Secret is postponing the release of its quarterly earnings following a security breach that disrupted the popular lingerie brandβs corporate operations. The post Victoriaβs Secret Says It Will Postpone Earnings Report After Recent Security Breach appeared first on SecurityWeek.
Published on: June 04, 2025 | Source:Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx,
Published on: June 04, 2025 | Source:Thousands Hit by The North Face Credential Stuffing Attack
Threat actors steal personal information from thenorthface.com user accounts in a recent credential stuffing campaign. The post Thousands Hit by The North Face Credential Stuffing Attack appeared first on SecurityWeek.
Published on: June 04, 2025 | Source:35,000 Solar Power Systems Exposed to Internet
Researchers from Forescout have analyzed the prevalence of internet-exposed solar power devices and shared a list of the top vendors and devices. The post 35,000 Solar Power Systems Exposed to Internet appeared first on SecurityWeek.
Published on: June 04, 2025 | Source:HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. "These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass,
Published on: June 04, 2025 | Source:How to Approach Security in the Era of AI Agents
Organizations need to implement these five essential security controls to safely harness the power of autonomous AI agents while still protecting enterprise assets.
Published on: June 03, 2025 | Source:TXOne Networks Introduces Capability for Intelligent Vulnerability Mitigation
Published on: June 03, 2025 | Source:
'Crocodilus' Sharpens Its Teeth on Android Users
The data-stealing malware initially targeted users in Turkey but has since evolved into a global threat.
Published on: June 03, 2025 | Source:Victoria's Secret Delays Earnings Call Due to Cyber Incident
But that didn't stop the clothing retailer from issuing preliminary results for the first quarter of 2025.
Published on: June 03, 2025 | Source:Google addresses 34 high-severity vulnerabilities in Juneβs Android security update
The most serious flaw in the monthly security update affects the Android system and could be exploited to achieve local escalation of privilege, the company said. The post Google addresses 34 high-severity vulnerabilities in Juneβs Android security update appeared first on CyberScoop.
Published on: June 03, 2025 | Source:Chrome Drops Trust for Chunghwa, Netlock Certificates
Digital certificates authorized by the authorities will no longer have trust by default in the browser starting in August, over what Google said is a loss of integrity in actions by the respective companies.
Published on: June 03, 2025 | Source:LummaC2 Fractures as Acreed Malware Becomes Top Dog
LummaC2 formerly accounted for almost 92% of Russian Market's credential theft log alerts. Now, the Acreed infostealer has replaced its market share.
Published on: June 03, 2025 | Source:The UK Brings Cyberwarfare Out of the Closet
The UKβs 2025 Strategic Defence Review outlines a unified approach to modern warfare, integrating cyber, AI, and electromagnetic capabilities across military domains. The post The UK Brings Cyberwarfare Out of the Closet appeared first on SecurityWeek.
Published on: June 03, 2025 | Source:CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution
Wild variances in naming taxonomies arenβt going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution. The post CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution appeared first on CyberScoop.
Published on: June 03, 2025 | Source:Experts endorse Sean Cairncross for national cyber director ahead of Senate hearing
The letter to Senate Homeland Security and Governmental Affairs Committee leaders comes shortly before they consider his nomination. The post Experts endorse Sean Cairncross for national cyber director ahead of Senate hearing appeared first on CyberScoop.
Published on: June 03, 2025 | Source: