Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks
Cybersecurity researchers have shed light on a new malware campaign that makes use of a PowerShell-based shellcode loader to deploy a remote access trojan called Remcos RAT. "Threat actors delivered malicious LNK files embedded within ZIP archives, often disguised as Office documents," Qualys security researcher Akshay Thorve said in a technical report. "The attack chain leverages mshta.exe for
Published on: May 16, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025
Pwn2Own participants have earned tens of thousands of dollars for Red Hat, Windows, Oracle VirtualBox, Docker Desktop, and AI exploits. The post Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025 appeared first on SecurityWeek.
Published on: May 16, 2025 | Source:Turkish APT Exploits Chat App Zero-Day to Spy on Iraqi Kurds
Even after their zero-day turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger.
Published on: May 16, 2025 | Source:Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBIโs Most Wanted List
Once a key figure in the Angler exploit kit underworld, Tarasovโs life has unraveled into detention, paranoia, and an unwanted return to the Russia he publicly despised. The post Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBIโs Most Wanted List appeared first on SecurityWeek.
Published on: May 15, 2025 | Source:ย FTC wants a new, segregated software system to police deepfake pornย
The Republican chair told Congress that the agency will need specialized software, personnel and expertise to enforce the newly passed Take It Down Act. The post FTC wants a new, segregated software system to police deepfake porn appeared first on CyberScoop.
Published on: May 15, 2025 | Source:FTC wants a new, segregated software system to police deepfake pornย
The Republican chair told Congress that the agency will need specialized software, personnel and expertise to enforce the newly passed Take It Down Act. The post FTC wants a new, segregated software system to police deepfake porn appeared first on CyberScoop.
Published on: May 15, 2025 | Source:Proofpoint to acquire Hornetsecurity for over $1 billion
Proofpoint has entered into an agreement to acquire Hornetsecurity Group, a Germany-based provider of Microsoft 365 security services, in a deal reportedly valued at more than $1 billion. The acquisition, described as the largest in Proofpointโs history, comes amid accelerating consolidation in the cybersecurity industry as companies seek to broaden their offerings to enterprise customers [โฆ] The post Proofpoint to...
Published on: May 15, 2025 | Source:Big Steelmaker Halts Operations After Cyber Incident
Nucor made it clear its investigation is still in the early stages and didn't specify the nature or scope of the breach, nor who the threat actor might be.
Published on: May 15, 2025 | Source:Valarian Unveils Data Management Platform Designed for Government Use
The startup, which previously launched the Acra platform, aims to address data management issues by isolating and compartmentalizing access to reduce fallout from system compromises.
Published on: May 15, 2025 | Source:Breachforums Boss to Pay $700k in Healthcare Breach
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession...
Published on: May 15, 2025 | Source:International Crime Rings Defraud US Gov't Out of Billions
Fraudsters worldwide apply for money from the US government using stolen and forged identities, making off with hundreds of billions of dollars annually.
Published on: May 15, 2025 | Source:FBI warns of fake texts, deepfake calls impersonating senior U.S. officials
Texts or deepfaked audio messages impersonate high-level government officials and were sent to current or former senior federal or state government officials and their contacts, the bureau says. The post FBI warns of fake texts, deepfake calls impersonating senior U.S. officials appeared first on CyberScoop.
Published on: May 15, 2025 | Source:Attackers Target Samsung MagicINFO Server Bug, Patch Now
CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.
Published on: May 15, 2025 | Source:SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons
Multiple firms are tracking the zero-day attacks on Europeโs top software firm. The post SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons appeared first on CyberScoop.
Published on: May 15, 2025 | Source:Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks
As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.
Published on: May 15, 2025 | Source:Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence (AI) models without an explicit opt-in. The move comes weeks after the social media behemoth announced its plans to train its AI models
Published on: May 15, 2025 | Source:Noyb Threatens Meta with Lawsuit for Violating GDPR to Train AI on E.U. User Data From May 27
Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence (AI) models without an explicit opt-in. The move comes weeks after the social media behemoth announced its plans to train its AI models
Published on: May 15, 2025 | Source:North Koreaโs โstate-run syndicateโ looks at cyber operations as a survival mechanism
A new report from DTEX Systems is the deepest look at how North Koreaโs remote IT workforce schemes are the tip of the iceberg when it comes to its cyber operations. The post North Koreaโs โstate-run syndicateโ looks at cyber operations as a survival mechanism appeared first on CyberScoop.
Published on: May 15, 2025 | Source:Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data
Coinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand. The post Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data appeared first on SecurityWeek.
Published on: May 15, 2025 | Source:Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. "Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly
Published on: May 15, 2025 | Source:RSAC 2025: AI Everywhere, Trust Nowhere
We're at an inflection point. AI is changing the game, but the rules haven't caught up.
Published on: May 15, 2025 | Source:Sednit abuses XSS flaws to hit gov't entities, defense companies
Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU
Published on: May 15, 2025 | Source:Critical Infrastructure Under Siege: OT Security Still Lags
With critical infrastructure facing constant cyber threats from the Typhoons and other corners, federal agencies and others are warning security for the OT network, a core technology in many critical sectors, is not powered up enough.
Published on: May 15, 2025 | Source:Production at Steelmaker Nucor Disrupted by Cyberattack
American steel giant Nucor on Wednesday disclosed a cybersecurity incident that bears the hallmarks of a ransomware attack. The post Production at Steelmaker Nucor Disrupted by Cyberattack appeared first on SecurityWeek.
Published on: May 15, 2025 | Source:Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures
The benefits of cybercrime aren't all flashy cars and watches. Sophos X-Ops researchers discovered it also fuels a far-reaching mix of ordinary, sometimes unremarkable businesses. The post Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures appeared first on CyberScoop.
Published on: May 15, 2025 | Source:Pen Testing for Compliance Only? It's Time to Change Your Approach
Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected. This situation isn't theoretical: it
Published on: May 15, 2025 | Source:Chinese Hackers Hit Drone Sector in Supply Chain Attacks
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector. The post Chinese Hackers Hit Drone Sector in Supply Chain Attacks appeared first on SecurityWeek.
Published on: May 15, 2025 | Source:AI-Generated Law
On April 14, Dubaiโs ruler, Sheikh Mohammed bin Rashid Al Maktoum,announcedthat the United Arab Emirates would begin usingartificial intelligenceto help write its laws. A new Regulatory Intelligence Office would use the technology to โregularly suggest updatesโ to the law and โaccelerate the issuance of legislation by up to 70%.โ AI would create a โcomprehensive legislative planโ spanning local and federal law and...
Published on: May 15, 2025 | Source:New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google
Published on: May 15, 2025 | Source:Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws
Two ransomware groups and several Chinese APTs have been exploiting two recent SAP NetWeaver vulnerabilities. The post Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws appeared first on SecurityWeek.
Published on: May 15, 2025 | Source:5 BCDR Essentials for Effective Ransomware Defense
Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive
Published on: May 15, 2025 | Source:Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. "This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final
Published on: May 15, 2025 | Source:Canadian Electric Utility Lists Customer Information Stolen by Hackers
Nova Scotia Power says a wide range of personal and financial information was stolen in the recent cyberattack. The post Canadian Electric Utility Lists Customer Information Stolen by Hackers appeared first on SecurityWeek.
Published on: May 15, 2025 | Source:Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers
Russian hackers arenโt just targeting Ukraine โ they also appear to be going after their defense contractors in other countries, new ESET research surmises. The post Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers appeared first on CyberScoop.
Published on: May 15, 2025 | Source:Australian Human Rights Commission Discloses Data Breach
The Australian Human Rights Commission says data submitted through the complaint form on its website was inadvertently exposed. The post Australian Human Rights Commission Discloses Data Breach appeared first on SecurityWeek.
Published on: May 15, 2025 | Source: