Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXNew PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries
Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. "Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters," The DFIR Report said in a technical
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Train Hack Gets Proper Attention After 20 Years: Researcher
A vulnerability affecting systems named End-of-Train and Head-of-Train can be exploited by hackers to cause trains to brake. The post Train Hack Gets Proper Attention After 20 Years: Researcher appeared first on SecurityWeek.
Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years
A vulnerability affecting systems named End-of-Train and Head-of-Train can be exploited by hackers to cause trains to brake. The post Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years appeared first on SecurityWeek.
CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA
CISA considers the recently disclosed CitrixBleed 2 vulnerability an unacceptable risk and has added it to the KEV catalog. The post CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA appeared first on SecurityWeek.
The Dark Side of Global Power Shifts & Demographic Decline
As global power realigns and economies falter, the rise in cybercrime is no longer hypothetical — it's inevitable.
Google Gemini Tricked Into Showing Phishing Message Hidden in Email
Google Gemini for Workspace can be tricked into displaying a phishing message when asked to summarize an email. The post Google Gemini Tricked Into Showing Phishing Message Hidden in Email appeared first on SecurityWeek.
⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More
In cybersecurity, precision matters—and there’s little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we’re seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow response to risks, and the ongoing gap between compliance and real security. For anyone responsible
New Interlock RAT Variant Distributed via FileFix Attacks
The Interlock ransomware group has partnered with the KongTuke TDS to distribute a new RAT variant via FileFix attacks. The post New Interlock RAT Variant Distributed via FileFix Attacks appeared first on SecurityWeek.
Is XBOW’s success the beginning of the end of human-led bug hunting? Not yet.
XBOW’s AI bug-hunter landed a big funding round while dominating HackerOne’s leaderboards. But even its founder says it hasn’t fully replaced the need for humans to be involved in the bug-hunting process. The post Is XBOW’s success the beginning of the end of human-led bug hunting? Not yet. appeared first on CyberScoop.
New White House cyber executive order pushes rules as code
Organizations must turn Cyber Governance, Risk, and Compliance (GRC) into executable pipelines, a Microsoft security product manager argues. The post New White House cyber executive order pushes rules as code appeared first on CyberScoop.
Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment
Vulnerabilities in Gigabyte firmware implementations could allow attackers to disable Secure Boot and execute code during the early boot phase. The post Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment appeared first on SecurityWeek.
Louis Vuitton Data Breach Hits Customers in Several Countries
Louis Vuitton customers in the UK, South Korea, Turkey and possibly other countries are being notified of a data breach. The post Louis Vuitton Data Breach Hits Customers in Several Countries appeared first on SecurityWeek.
Hackers Inject Malware Into Gravity Forms WordPress Plugin
Two Gravity Forms WordPress plugin versions available on the official download page were injected with malware in a supply chain attack. The post Hackers Inject Malware Into Gravity Forms WordPress Plugin appeared first on SecurityWeek.
CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center
India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to have led to losses worth more than 390,000 ($525,000) in the United Kingdom alone. The law
eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks
Cybersecurity researchers have discovered a new hacking technique that exploits weaknesses in the eSIM technology used in modern smartphones, exposing users to severe risks. The issues impact the Kigen eUICC card. According to the Irish company's website, more than two billion SIMs in IoT devices have been enabled as of December 2020. The findings come from Security Explorations, a research lab
13 Romanians Arrested for Phishing the UK’s Tax Service
Investigators from HMRC joined more than 100 Romanian police officers to arrest the 13 Romanian suspects in the counties of Ilfov, Giurgiu and Calarasi. The post 13 Romanians Arrested for Phishing the UK’s Tax Service appeared first on SecurityWeek.
GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs
NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs). "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design specification, and system settings," the GPU maker said in an advisory released this week. Dubbed
Grok-4 Falls to a Jailbreak Two Days After Its Release
The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak. The post Grok-4 Falls to a Jailbreak Two Days After Its Release appeared first on SecurityWeek.
Grok-4 Falls to a Jailbreak Two days After Its Release
The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak. The post Grok-4 Falls to a Jailbreak Two days After Its Release appeared first on SecurityWeek.
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. "Laravel's APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub)," GitGuardian said. "If attackers get access to this key, they can exploit a deserialization flaw to
Squid Dominated the Oceans in the Late Cretaceous
New research: One reason the early years of squids has been such a mystery is because squids’ lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaks—hard mouthparts with high fossilization potential that could help the team figure out how squids evolved. With that in mind, the team developed an advanced fossil discovery technique that completely...
Pay2Key Ransomware Gang Resurfaces With Incentives to Attack US, Israel
The ransomware-as-a-service (RaaS) operation, which has been tied to an Iranian advanced persistent threat (APT) group, recently boosted its affiliate profit share to 80% for attacks on Western targets.
Tradecraft in the Information Age
Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance.
As Cyber-Insurance Premiums Drop, Coverage Is Key to Resilience
Cyber-insurance premiums continue to decline from their explosive growth from 2020 to 2022, but coverage is more important than ever to manage risks, experts say.
Researchers identify critical vulnerabilities in automotive Bluetooth systems
“PerfektBlue” impacts tech used in Mercedes-Benz, Volkswagen, and Skoda automobiles. The post Researchers identify critical vulnerabilities in automotive Bluetooth systems appeared first on CyberScoop.
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in
Virtru secures $50 million investment to advance data-centric security standards
Virtru's technology centers on the Trusted Data Format, an open standard that embeds security controls directly into data files rather than relying on traditional perimeter defenses. The post Virtru secures $50 million investment to advance data-centric security standards appeared first on CyberScoop.
Factoring Cybersecurity Into Finance's Digital Strategy
As financial institutions continue to embrace digital transformation, their success will depend on their ability to establish and maintain robust and responsible cybersecurity practices.
PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, dubbed PerfektBlue, can be fashioned together as an exploit chain to run arbitrary code on cars from at least three major automakers,
Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent
With IPOs taking longer than ever, the venture firm’s fund aims to keep startup veterans motivated while staying private. The post Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent appeared first on SecurityWeek.
Securing Data in the AI Era
The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes for safeguarding sensitive enterprise data have reached unprecedented levels. The Zscaler ThreatLabz
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface, which allows for remote code execution. It has been addressed in version 7.4.4. "The user and
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon Sandstorm). "
EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules
The EU code is voluntary and complements the EU’s AI Act, a comprehensive set of regulations that was approved last year and is taking effect in phases. The post EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules appeared first on SecurityWeek.
McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications
Two vulnerabilities in an internal API allowed unauthorized access to contacts and chats, exposing the information of 64 million McDonald’s applicants. The post McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications appeared first on SecurityWeek.