Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXCritical Wing FTP Server Vulnerability Exploited
Wing FTP Server vulnerability CVE-2025-47812 can be exploited for arbitrary command execution with root or system privileges. The post Critical Wing FTP Server Vulnerability Exploited appeared first on SecurityWeek.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
TikTok Faces Fresh European Privacy Investigation Over China Data Transfers
The Irish Data Privacy Commission announced that TikTok is facing a new European Union privacy investigation into user data sent to China. The post TikTok Faces Fresh European Privacy Investigation Over China Data Transfers appeared first on SecurityWeek.
July 2025 Breaks a Decade of Monthly Android Patches
Since August 2015, Google has delivered a constant stream of monthly security patches for Android. Until July 2025. The post July 2025 Breaks a Decade of Monthly Android Patches appeared first on SecurityWeek.
Customer, Employee Data Exposed in Nippon Steel Breach
Information from the company's NS Solutions subsidiary has yet to show up on any Dark Web sites, but it doesn't rule out the possibility that the data may have been stolen.
Digital Fingerprints Test Privacy Concerns in 2025
Digital fingerprinting technology creates detailed user profiles by combining device data with location and demographics, which increases the risks of surveillance.
eSIM Bug in Millions of Phones Enables Spying, Takeover
eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards.
Ingram Micro Up and Running After Ransomware Attack
Customers were the first to notice the disruption on the distributor's website when they couldn't place orders online.
Agentic AI's Risky MCP Backbone Opens Brand-New Attack Vectors
Critical security vulnerabilities affect different parts of the Model Context Protocol (MCP) ecosystem, which many organizations are rapidly adopting in order to integrate AI models with external data sources.
4 Arrested in UK Over M&S, Co-op, Harrods Hacks
The UK's National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider.
UK Arrests Four in ‘Scattered Spider’ Ransom Group
Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlinesand the U.K. retail chain Marks & Spencer.
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands. The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0. "The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it
Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord
Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. "These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and
French police arrest Russian pro basketball player on behalf of US over ransomware suspicions
Daniil Kasatkin played briefly for Penn State University. It’s the second European arrest on cyber allegations at the request of the United States to be revealed this week. The post French police arrest Russian pro basketball player on behalf of US over ransomware suspicions appeared first on CyberScoop.
eSIM Hack Allows for Cloning, Spying
Details have been disclosed for an eSIM hacking method that could impact many, but the industry is taking action. The post eSIM Hack Allows for Cloning, Spying appeared first on SecurityWeek.
UK arrests four for cyberattacks on major British retailers
The U.K.’s National Crime Agency claims the four were involved in attacks on Marks & Spencer. The cybersecurity industry attributed those attacks to Scattered Spider. The post UK arrests four for cyberattacks on major British retailers appeared first on CyberScoop.
Ingram Micro Restores Systems Impacted by Ransomware
Ingram Micro has restored operations across all countries and regions after disconnecting systems to contain a ransomware attack. The post Ingram Micro Restores Systems Impacted by Ransomware appeared first on SecurityWeek.
SIM Swap Fraud Is Surging — and That's a Good Thing
Now it's time to build systems that attackers can't reroute with a phone call.
Qantas Confirms 5.7 Million Impacted by Data Breach
Hackers compromised names, addresses, email address, phone numbers, and other information pertaining to Qantas customers. The post Qantas Confirms 5.7 Million Impacted by Data Breach appeared first on SecurityWeek.
Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods
The U.K. National Crime Agency (NCA) on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The arrested individuals include two men aged 19, a third aged 17, and a 20-year-old woman. They were apprehended in the West Midlands and London on suspicion of Computer Misuse Act offenses, blackmail,
Booz Allen Invests in Machine Identity Firm Corsha
‘Machine identities’, often used interchangeably with ‘non-human identities’ (NHIs), have been increasing rapidly since the start of digital transformation. The post Booz Allen Invests in Machine Identity Firm Corsha appeared first on SecurityWeek.
Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack
PCA Cyber Security has discovered critical vulnerabilities in the BlueSDK Bluetooth stack that could have allowed remote code execution on car systems. The post Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack appeared first on SecurityWeek.
What Security Leaders Need to Know About AI Governance for SaaS
Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting summaries, and office suites such as Microsoft 365 contain
What Can Businesses Do About Ethical Dilemmas Posed by AI?
AI-made decisions are in many ways shaping and governing human lives. Companies have a moral, social, and fiduciary duty to responsibly lead its take-up. The post What Can Businesses Do About Ethical Dilemmas Posed by AI? appeared first on SecurityWeek.
New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App
Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the cross‑platform SSH client and server‑management tool Termius in late May 2025. "ZuRu malware
AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs
Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws, collectively called Transient Scheduler Attacks (TSA), manifest in the form of a speculative side channel in its CPUs that leverage execution timing of instructions under specific microarchitectural conditions. "In some cases, an attacker
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It has been codenamed Count(er) Strike. "A vulnerability has
North American APT Uses Exchange Zero-Day to Attack China
Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.
Browser Exploits Wane as Users Become the Attack Surface
For browsers, exploitation is out — and getting users to compromise their own systems is in. Improved browser security has forced attackers to adapt their tactics, and they've accepted the challenge.
Trump bill will have major impact on health care cybersecurity, experts warn Congress
Witnesses at a Senate hearing Wednesday connected One Big Beautiful Bill provisions to potential cyber issues in the health care sector, much to GOP Sen. Bill Cassidy’s chagrin. The post Trump bill will have major impact on health care cybersecurity, experts warn Congress appeared first on CyberScoop.
An NVIDIA Container Bug & Chance to Harden Kubernetes
A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants.
New AI Malware PoC Reliably Evades Microsoft Defender
Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that.
Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045, where "TGR" stands for "temporary group" and "CRI" refers to "criminal motivation."
AirMDR Tackles Security Burdens for SMBs With AI
The security startup provides managed detection and response services for small to midsize businesses to detect and address modern threats, such as ransomware, phishing attacks, and malicious insiders.
Rubio Impersonator Signals Growing Security Threat From Deepfakes
An impostor who posed as the secretary of state in text and voice communications with diplomats and politicians demonstrates the increased sophistication of and national security threat posed by the AI technology.
Know Your Enemy: Understanding Dark Market Dynamics
To help counter crime, today's organizations require a cyber-defense strategy that incorporates the mindset of the cybercriminal.