Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXHarvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack
Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website. The post Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack appeared first on SecurityWeek.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Beyond the Black Box: Building Trust and Governance in the Age of AI
Balancing innovation with ethical governance is crucial for ensuring fairness, accountability, and public trust in the age of intelligent machines. The post Beyond the Black Box: Building Trust and Governance in the Age of AI appeared first on SecurityWeek.
Flax Typhoon can turn your own software against you
The Chinese hacking group gained persistent access to a popular mapping tool by turning one of its features into a webshell and hardcoding access, according to ReliaQuest. The post Flax Typhoon can turn your own software against you appeared first on CyberScoop.
Moving Beyond Awareness: How Threat Hunting Builds Readiness
Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafΓ©s, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone. Make no mistake, as a security professional, I love this month. Launched by CISA and the National
Pixnapping Attack Steals Data From Google, Samsung Android Phones
Google has released a partial patch for the Pixnapping attack and is working on an additional fix. The post Pixnapping Attack Steals Data From Google, Samsung Android Phones appeared first on SecurityWeek.
RMPocalypse: Single 8-Byte Write Shatters AMDβs SEV-SNP Confidential Computing
Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack, per ETH ZΓΌrich researchers Benedict SchlΓΌter and Shweta Shinde, exploits AMD's incomplete protections that make it possible to perform a single memory
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users' knowledge pixel-by-pixel. The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of
The Trump Administrationβs Increased Use of Social Media Surveillance
This chilling paragraph is in a comprehensive Brookings report about the use of tech to deport people from the US: The administration has also adapted its methods of social media surveillance. Though agencies like the State Department have gathered millions of handles and monitored political discussions online, the Trump administration has been more explicit in who itβs targeting. Secretary of State Marco Rubio...
What AI Reveals About Web Applicationsβ and Why It Matters
Before an attacker ever sends a payload, theyβve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your
RMPocalypse: New Attack Breaks AMD Confidential Computing
A vulnerability in RMP initialization allows the AMD processorβs x86 cores to maliciously control parts of the initial RMP state. The post RMPocalypse: New Attack Breaks AMD Confidential Computing appeared first on SecurityWeek.
Red, blue, and now AI: Rethinking cybersecurity training for the 2026 threat landscape
Cybersecurity today is defined by complexity. Threats evolve in real time, driven by AI-generated malware, autonomous reconnaissance, and adversaries capable of pivoting faster than ever. In a recent survey by DarkTrace of more than 1,500 cybersecurity professionals worldwide, nearly 74% said AI-powered threats are a major challenge for their organization, and 90% expect these threats [β¦] The post Red, blue, and now...
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks. Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to
Researchers Expose TA585βs MonsterV2 Malware Capabilities and Attack Chain
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains. "TA585 is notable because it
Fortra cops to exploitation of GoAnywhere file-transfer service defect
The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently. The post Fortra cops to exploitation of GoAnywhere file-transfer service defect appeared first on CyberScoop.
JPMorgan to Invest up to $10 Billion in US Companies with Crucial Ties to National Security
The investment plan will focus on areas including artificial intelligence, cybersecurity and quantum computing. The post JPMorgan to Invest up to $10 Billion in US Companies with Crucial Ties to National Security appeared first on SecurityWeek.
Rewiring Democracy is Coming Soon
My latest book, Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship, will be published in just over a week. No reviews yet, but you can read chapters 12 and 34 (of 43 chapters total). You can order the book pretty much everywhere, and a copy signed by me here. Please help spread the word. I want this book to make a splash when itβs public. Leave a review on whatever site you buy it from....
Fighting the Cyber Forever War: Born Defense Blends Investment Strategy with Just War Principles
Emerging from stealth, Born Defense is betting that a new kind of investment model can reshape how the U.S. fights its endless cyber battles. The post Fighting the Cyber Forever War: Born Defense Blends Investment Strategy with Just War Principles appeared first on SecurityWeek.
Financial, Other Industries Urged to Prepare for Quantum Computers
Despite daunting technical challenges, a quantum computer capable of breaking public-key encryption systems may be only a decade or two off.
Malicious Code on Unity Website Skims Information From Hundreds of Customers
The video game software development company says the incident impacted users of its SpeedTree website. The post Malicious Code on Unity Website Skims Information From Hundreds of Customers appeared first on SecurityWeek.
Critical infrastructure CISOs Can't Ignore 'Back-Office Clutter' Data
OT and ICS systems indeed hold the crown jewels of critical infrastructure organizations, but unmonitored data sprawl is proving to be pure gold for increasingly brazen nation-state threat actors like Volt Typhoon, Pearce argues.
Generation AI: Why Today's Tech Graduates Are At a Disadvantage
With artificial intelligence supplanting entry-level security jobs, new cyber professionals will have to up their game to stay competitive in the industry.
β‘ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More
Every week, the cyber world reminds us that silence doesnβt mean safety. Attacks often begin quietly β one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This weekβs edition looks at how attackers are changing the game β linking different flaws, working together across borders, and even turning trusted tools into weapons.
SonicWall SSL VPN Accounts in Attacker Crosshairs
Threat actors have rapidly compromised more than 100 SonicWall SSL VPN accounts pertaining to over a dozen entities. The post SonicWall SSL VPN Accounts in Attacker Crosshairs appeared first on SecurityWeek.
SimonMed Imaging Data Breach Impacts 1.2 Million
SimonMed Imaging was targeted by the Medusa ransomware group, which claimed to have stolen 200 Gb of data. The post SimonMed Imaging Data Breach Impacts 1.2 Million appeared first on SecurityWeek.
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the complete Holiday Season Security Playbook here. Bottom Line Up Front The 2024 holiday season saw major
NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms
Threat actors used automation to create over 175 malicious NPM packages targeting more than 135 organizations. The post NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms appeared first on SecurityWeek.
AI and the Future of American Politics
Two years ago, Americans anxious about the forthcoming 2024 presidential election were considering the malevolent force of an election influencer: artificial intelligence. Over the past several years, we have seen plenty of warning signs from elections worldwide demonstrating how AI can be used to propagate misinformation and alter the political landscape, whether by trolls on social media, foreign influencers, or even...
Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data
Itβs unclear if the new Oracle E-Business Suite flaw, which can be exploited remotely without authentication, has been used in the wild. The post Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data appeared first on SecurityWeek.
Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an "exploit shotgun" approach, has singled out a wide range of internet-exposed infrastructure, including routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and
Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
Microsoft said it has revamped the Internet Explorer (IE) mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users' devices. "Threat actors were leveraging basic social engineering techniques alongside unpatched (0-day) exploits in Internet Explorer's JavaScript
Extortion Group Leaks Millions of Records From Salesforce Hacks
The data allegedly pertains to Albertsons, Engie Resources, Fujifilm, GAP, Qantas, and Vietnam Airlines. The post Extortion Group Leaks Millions of Records From Salesforce Hacks appeared first on SecurityWeek.
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. "Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware
New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts. "Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, 'serviceaccount,'" eSentire said in a technical report published
New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data. The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity. It affects versions from 12.2.3 through 12.2.14. "Easily exploitable vulnerability allows an unauthenticated attacker with
Experts Warn of Widespread SonicWall VPN Compromise Impacting Over 100 Accounts
Cybersecurity company Huntress on Friday warned of "widespread compromise" of SonicWall SSL VPN devices to access multiple customer environments. "Threat actors are authenticating into multiple accounts rapidly across compromised devices," it said. "The speed and scale of these attacks imply that the attackers appear to control valid credentials rather than brute-forcing." A significant chunk of