Adobe Patch Tuesday headlined by a major Adobe ColdFusion update patching a wide swatch of code execution and privilege escalation attacks. The post Adobe Patches Big Batch of Critical-Severity Software Flaws appeared first on SecurityWeek.
Published on: May 13, 2025
The EU cyber agency ENISA has launched its vulnerability database, the EUVD; security experts shared their thoughts regarding what this means for CVEs, as well as the larger conversation around how bugs are tracked.
Published on: May 13, 2025
The tech giant didn't disclose the total amount of lost jobs but it will amount to about 6,000 people. The post Microsoft to Lay Off About 3% of Its Workforce appeared first on SecurityWeek.
Published on: May 13, 2025
Though the app claims to use end-to-end encryption, hackers have reportedly accessed archived data on the app's servers via a new vulnerability.
Published on: May 13, 2025
Patch Tuesday: Microsoft patches at least 70 security bugs and flagged five zero-days in the "exploitation detected" category. The post Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday appeared first on SecurityWeek.
Published on: May 13, 2025
Apple said there is no indication of active exploitation for the listed vulnerabilities. The post Wide-ranging Apple security update addresses over 30 vulnerabilities appeared first on CyberScoop.
Published on: May 13, 2025
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign
Published on: May 13, 2025
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first
Published on: May 13, 2025
150 active and retired officials from across the country asked Senate and House appropriations leaders to set aside $400 million for the next fiscal year. The post State and local election officials plead with Congress for election security funding appeared first on CyberScoop.
Published on: May 13, 2025
Why securing the inference chain is now the top priority for AI applications and infrastructure.
Published on: May 13, 2025
SAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability. The post SAP Patches Another Critical NetWeaver Vulnerability appeared first on SecurityWeek.
Published on: May 13, 2025
The Radware Cloud WAF product vulnerabilities disclosed by CERT/CC were addressed two years ago. The post Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023 appeared first on SecurityWeek.
Published on: May 13, 2025
The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I'm sure it'll be appealed. Everything always is.
Published on: May 13, 2025
The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let's review the status of these rising attacks, what's fueling them, and how to actually prevent, not detect, them. The Most Powerful Person on the
Published on: May 13, 2025
A Turkey-affiliated espionage group has exploited a zero-day vulnerability in Output Messenger since April 2024. The post Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying appeared first on SecurityWeek.
Published on: May 13, 2025
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the "trajectory of the Russian invasion." "The group's interest in Ukraine follows historical targeting
Published on: May 13, 2025
Orca positioned the deal as an expansion of its capabilities into the realm of AI-based autonomous remediation and prevention. The post Orca Snaps Up Opus in Cloud Security Automation Push appeared first on SecurityWeek.
Published on: May 13, 2025
The threat group's goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more.
Published on: May 13, 2025
Moldovan law enforcement authorities have arrested a 45-year-old foreign man suspected of involvement in a series of ransomware attacks targeting Dutch companies in 2021. "He is wanted internationally for committing several cybercrimes (ransomware attacks, blackmail, and money laundering) against companies based in the Netherlands," officials said in a statement Monday. In conjunction with the
Published on: May 13, 2025
A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the Microsoft Threat Intelligence team said. "The targets of the attack are associated with the Kurdish
Published on: May 13, 2025
Fortra strengthens its endpoint-to-cloud security platform with the acquisition of Lookout's cloud application security broker, zero-trust network access, and secure Web gateway technologies.
Published on: May 12, 2025
The $168 million judgment against NSO Group underscores how citizens put little store in the spyware industry's justifications for circumventing security - but will it matter?
Published on: May 12, 2025
Threat actors are scamming users by advertising legitimate-looking generative AI websites that, when visited, install credential-stealing malware onto the victim's computer.
Published on: May 12, 2025
For years, Google has faced several legal battles over privacy and lost, though this one takes the cake for biggest ever settlement against a Big Tech firm.
Published on: May 12, 2025
Apple rolls out iOS and macOS platform updates to fix serious security bugs that could be triggered simply by opening an image or video file. The post Apple Patches Major Security Flaws in iOS, macOS Platforms appeared first on SecurityWeek.
Published on: May 12, 2025
The cybercriminals infected older wireless Internet routers with Anyproxy and 5socks malware in order to reconfigure them - all without the users' knowledge.
Published on: May 12, 2025
New research shows China is quickly catching up with the US in AI innovation. Experts weigh in on what it means for cyber defenders.
Published on: May 12, 2025
Andy Frain was targeted by the Black Basta ransomware group in 2024 and the hackers have stolen a wide range of information. The post Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack appeared first on SecurityWeek.
Published on: May 12, 2025
ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that's designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a
Published on: May 12, 2025
Agentic-native startups threaten to reduce the zero-day problem to just a zero-hour issue. Of course, AI agents will accelerate offensive attacks as well.
Published on: May 12, 2025
Google has agreed to a $1.375 billion settlement with Texas in lawsuits over location and private browsing tracking, and biometric data collection. The post Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits appeared first on SecurityWeek.
Published on: May 12, 2025
What do a source code editor, a smart billboard, and a web server have in common? They've all become launchpads for attacks - because cybercriminals are rethinking what counts as "infrastructure." Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It's not just clever - it's
Published on: May 12, 2025
Ascension Health has notified the HHS that more than 437,000 people were affected by a recently disclosed data breach. The post 437,000 Impacted by Ascension Health Data Breach appeared first on SecurityWeek.
Published on: May 12, 2025
Global Crossing Airlines is investigating a cybersecurity incident after Anonymous hackers targeted its systems. The post US Deportation Airline GlobalX Confirms Hack appeared first on SecurityWeek.
Published on: May 12, 2025
Detecting leaked credentials is only half the battle. The real challenge - and often the neglected half of the equation - is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack
Published on: May 12, 2025