Stay Updated with the Latest Tech News



Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an

Published on: May 08, 2025 | Source: The Hacker News

'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan

Japan is being peppered with an overwhelming volume of spam, thanks to a new platform popular across the East China Sea.

Published on: May 08, 2025 | Source: Dark Reading

AI Agents Fail in Novel Ways, Put Businesses at Risk

Microsoft researchers identify 10 new potential pitfalls for companies that are developing or deploying agentic AI systems, with failures potentially leading to the AI becoming a malicious insider.

Published on: May 07, 2025 | Source: Dark Reading

PowerSchool customers hit by downstream extortion threats

The large education tech vendor was hit by a cyberattack and paid a ransom in December. Now, a threat actor is attempting to extort the company’s customers with stolen data.

Published on: May 07, 2025 | Source: CyberScoop

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.

Published on: May 07, 2025 | Source: Krebs on Security

Countries Begin NATO's Locked Shields Cyber-Defense Exercise

The 15th annual event helps countries test and develop defenses against current and emerging cyber threats, including disinformation, quantum computing, and AI.

Published on: May 07, 2025 | Source: Dark Reading

TikTok Fined €530 Million Over Chinese Access to EU Data

European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?

Published on: May 07, 2025 | Source: Dark Reading

Meta Wins Lawsuit Against Spyware Vendor NSO Group

The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.

Published on: May 07, 2025 | Source: Dark Reading

CrowdStrike cuts 5% of workforce after revenue jumped 29% last year

CEO George Kurtz said the decision to cut about 500 jobs was driven by internal efficiency gains from AI and multibillion-dollar opportunities in new market segments.

Published on: May 07, 2025 | Source: CyberScoop

Play Ransomware Group Used Windows Zero-Day

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

Published on: May 07, 2025 | Source: Dark Reading

'Bring Your Own Installer' Attack Targets SentinelOne EDR

Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.

Published on: May 07, 2025 | Source: Dark Reading

Six DDoS sites seized in multi-national law enforcement operation

Four countries, including the U.S., arrested four people as part of Operation PowerOFF.

Published on: May 07, 2025 | Source: CyberScoop

Cisco’s Quantum Bet: Linking Small Machines Into One Giant Quantum Computer

Cisco unveils its Quantum Network Entanglement Chip and new Quantum Labs, laying the groundwork for a scalable quantum internet that connects distributed quantum computers into a unified, powerful system.

Published on: May 07, 2025 | Source: SecurityWeek

CodeAnt AI Raises $2 Million for Code Quality and Application Security Platform

Code quality and security firm CodeAnt has secured $2 million in seed funding and it has been valued at $20 million.

Published on: May 07, 2025 | Source: SecurityWeek

CrowdStrike Plans Layoffs to Pursue $10B ARR Target

CrowdStrike said the planned cuts will affect approximately 500 employees and will span the first half of fiscal 2026.

Published on: May 07, 2025 | Source: SecurityWeek

Ox Security Bags $60M Series B to Tackle Appsec Alert Fatigue

Ox Security has raised a total $94 million since its launch in 2021 with ambitious plans to cash in on two fast-moving trends.

Published on: May 07, 2025 | Source: SecurityWeek

New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA

By baking minimum expectations into procurement conversations, the plan is to steer software vendors to “secure-by-design and default” basics.

Published on: May 07, 2025 | Source: SecurityWeek

Infrastructure as Code: An IaC Guide to Cloud Security

IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.

Published on: May 07, 2025 | Source: Dark Reading

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world. In connection with the operation, Polish authorities have arrested four individuals aged between 19 and 22 and the United States has seized nine domains that are associated with the now-defunct platforms. "The suspects are believed to

Published on: May 07, 2025 | Source: The Hacker News

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. "This is due to the create_wp_connection() function missing a capability check and

Published on: May 07, 2025 | Source: The Hacker News

SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is

Published on: May 07, 2025 | Source: The Hacker News

Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack

Meta has won its WhatsApp hacking lawsuit against Israeli spyware company NSO Group in an “important step forward for privacy and security”.

Published on: May 07, 2025 | Source: SecurityWeek

Chinese AI Submersible

A Chinese company has developed an AI-piloted submersible that can reach speeds “similar to a destroyer or a US Navy torpedo,” dive “up to 60 metres underwater,” and “remain static for more than a month, like the stealth capabilities of a nuclear submarine.” In case you’re worried about the military applications of this, you can relax because the company says that the submersible is “designated for civilian use” and...

Published on: May 07, 2025 | Source: Schneier on Security

Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection

Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices. But there's a problem: they stop short of where the most sensitive user activity actually happens—the browser. This isn’t a small omission. It’s a structural

Published on: May 07, 2025 | Source: The Hacker News

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by

Published on: May 07, 2025 | Source: The Hacker News

Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day

At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.

Published on: May 07, 2025 | Source: SecurityWeek

Beware of phone scams demanding money for ‘missed jury duty’

When we get the call, it’s our legal responsibility to attend jury service. But sometimes that call won’t come from the courts – it will be a scammer.

Published on: May 07, 2025 | Source: WeLiveSecurity

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the open-source registry.

Published on: May 07, 2025 | Source: The Hacker News

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against NSO Group in 2019,

Published on: May 07, 2025 | Source: The Hacker News

NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says

It’s a major ruling in a landmark lawsuit that has had plenty of twists and turns — with more likely to come.

Published on: May 06, 2025 | Source: CyberScoop

Researcher Says Patched Commvault Bug Still Exploitable

CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.

Published on: May 06, 2025 | Source: Dark Reading

'Easily Exploitable' Langflow Vulnerability Requires Immediate Patching

The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.

Published on: May 06, 2025 | Source: Dark Reading

Trump calls on Colorado to release election-denying clerk from jail

The state’s AG vowed to defend the prosecution of Tina Peters, an election clerk behind one of the most serious breaches of voting systems in U.S. history.

Published on: May 06, 2025 | Source: CyberScoop

House appropriators have reservations — or worse — about proposed CISA cuts

A top Republican said lawmakers needed more information about the proposed reductions, while Democrats were more searing in their criticisms.

Published on: May 06, 2025 | Source: CyberScoop

Applying the OODA Loop to Solve the Shadow AI Problem

By taking immediate actions, organizations can ensure that shadow AI is prevented and used constructively where possible.

Published on: May 06, 2025 | Source: SecurityWeek