Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists. The post Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ appeared first on SecurityWeek.
Published on: May 15, 2025 | Source:

Salary savings come with hidden costs, including insider threats and depleted cybersecurity defenses, conveying advantages to skilled adversaries, experts argue.
Published on: May 14, 2025 | Source:

A new study by researchers at Princeton University and Sentient shows it's surprisingly easy to trigger malicious behavior from AI agents by implanting fake "memories" into the data they rely on for making decisions.
Published on: May 14, 2025 | Source:

Resilience's new tool aims to help organizations better understand their risk profiles and make more informed decisions about improving their security posture.
Published on: May 14, 2025 | Source:

The Trump administration’s CFPB nominee spoke positively in February about the Biden-era rule to regulate the sale of Americans’ personal data, but he is now slotted instead for a Treasury Department role. The post CFPB to withdraw rule targeting data brokers appeared first on CyberScoop.
Published on: May 14, 2025 | Source:

The security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against "a very limited number of customers" — for now — and stem from open source libraries.
Published on: May 14, 2025 | Source:

Rep. Bennie Thompson, D-Miss., leveled that charge at DHS Secretary Kristi Noem at a hearing Wednesday. The post DHS won’t tell Congress how many people it’s cut from CISA appeared first on CyberScoop.
Published on: May 14, 2025 | Source:

Google bundles multiple safeguards under a single Android toggle to protect high-risk users from advanced mobile malware implants. The post Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware appeared first on SecurityWeek.
Published on: May 14, 2025 | Source:

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), has been described as a path traversal flaw. "Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to
Published on: May 14, 2025 | Source:

At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver tracked as CVE-2025-31324, indicating that multiple threat actors are taking advantage of the bug. Cybersecurity firm ReliaQuest, in a new update published today, said it uncovered evidence suggesting involvement from the BianLian data extortion crew and
Published on: May 14, 2025 | Source:

A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne Guarantee. According to a report published by blockchain analytics firm Elliptic, merchants on the marketplace have been found to peddle technology, personal data, and money laundering
Published on: May 14, 2025 | Source:

Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore. The post Is AI Use in the Workplace Out of Control? appeared first on SecurityWeek.
Published on: May 14, 2025 | Source:

The British retailer said no account passwords were compromised in last month's cyberattack, but the company will require customers to reset passwords "for extra peace of mind."
Published on: May 14, 2025 | Source:

Intel, AMD and Arm each published security advisories on Patch Tuesday, including for newly disclosed CPU attacks. The post Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks appeared first on SecurityWeek.
Published on: May 14, 2025 | Source:

A new global phishing threat called "Meta Mirage" has been uncovered, targeting businesses using Meta's Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing
Published on: May 14, 2025 | Source:

Some members of Congress seem more intent on grabbing headlines than actually working to make America more cyber secure.
Published on: May 14, 2025 | Source:

The acquisition will enhance Orca's CNAPP offering with autonomous vulnerability remediation and prevention technologies from Opus.
Published on: May 14, 2025 | Source:

Kosovo citizen Liridon Masurica has appeared in a US court, facing charges for his role in operating the cybercrime marketplace BlackDB.cc. The post Kosovar Administrator of Cybercrime Marketplace Extradited to US appeared first on SecurityWeek.
Published on: May 14, 2025 | Source:

Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available.
Published on: May 14, 2025 | Source:

Experts say the European Vulnerability Database, or EUVD, should be a good resource, but only if ENISA manages to maintain it properly. The post EU Cybersecurity Agency ENISA Launches European Vulnerability Database appeared first on SecurityWeek.
Published on: May 14, 2025 | Source:

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while
Published on: May 14, 2025 | Source:

Google has extended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users. Wired article, behind a paywall.
Published on: May 14, 2025 | Source:

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%. As attacks rise
Published on: May 14, 2025 | Source:

Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina. The campaign is "using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email
Published on: May 14, 2025 | Source:

An apparent bureaucratic contract snafu has sparked a fire under experts trying to save the CVE program from the precarity of a single government funder. One rival to the existing program says it is ready to launch in December. The post CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program appeared first on CyberScoop.
Published on: May 14, 2025 | Source:

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild. Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them
Published on: May 14, 2025 | Source:

Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. "A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to
Published on: May 14, 2025 | Source:

Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution. The vulnerabilities in question are listed below - CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials
Published on: May 14, 2025 | Source:

While hacktivists claimed more than 100 successful attacks against Indian government, education, and military targets, the attacks were overblown in most cases and often did not even happen.
Published on: May 14, 2025 | Source:

The company has addressed zero-day vulnerabilities for eight consecutive months without deeming any of them critical at the time of disclosure. The post Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days appeared first on CyberScoop.
Published on: May 13, 2025 | Source:

Capital One executives share insights on how organizations should design their security programs, implement passwordless technologies, and reduce their attack surface.
Published on: May 13, 2025 | Source:

Microsoft's May 2025 Patch Tuesday update also contains four other actively exploited zero-day security vulnerabilities, two publicly known bugs, and 12 critical patches.
Published on: May 13, 2025 | Source:

The company plans to add its Advanced Protection program on devices, and will use AI to detect and stop scams. The post Google adds suite of security features to Android 16 appeared first on CyberScoop.
Published on: May 13, 2025 | Source:

Tidrone concentrated on military entities and the satellite sector, using their associated service providers and ERP software to infect not just drones but all the entities that are part of their supply chains.
Published on: May 13, 2025 | Source:

The register of copyrights cast serious doubt on whether AI companies could legally train their models on copyrighted material. The White House fired her the next day. The post Copyright office criticizes AI ‘fair use’ before director’s dismissal appeared first on CyberScoop.
Published on: May 13, 2025 | Source: