Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXDoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware
A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat (APT) group called DoNot Team, which is also known as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack
Nippon Steel Solutions has disclosed a data breach that resulted from the exploitation of a zero-day in network equipment. The post Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack appeared first on SecurityWeek.
SatanLock Next in Line for Ransomware Group Shutdowns
Though the victims list on its site has since been taken down, the group plans on leaking the rest of the files stolen from its victims.
Samsung Announces Security Improvements for Galaxy Smartphones
New Samsung Galaxy features include protections for on-device AI, expanded cross-device threat detection, and quantum-resistant encryption for network security. The post Samsung Announces Security Improvements for Galaxy Smartphones appeared first on SecurityWeek.
U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province of Jilin, enabled the fraudulent operation by using
Yet Another Strava Privacy Leak
This time itβs the Swedish prime ministerβs bodyguards. (Last year, it was the US Secret Service and Emmanuel Macronβs bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public?
How To Automate Ticket Creation, Device Identification and Threat Triage With Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platformβs Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at
Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking
Multiple vulnerabilities in Ruckus Wireless management products could be exploited to fully compromise the managed environments. The post Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking appeared first on SecurityWeek.
Canadian Electric Utility Says Power Meters Disrupted by Cyberattack
Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States. The post Canadian Electric Utility Says Power Meters Disrupted by Cyberattack appeared first on SecurityWeek.
Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks
A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei, has been charged with nine counts of wire fraud and conspiracy to cause damage to and obtain information by unauthorized access to protected
Ivanti, Fortinet, Splunk Release Security Updates
Ivanti, Fortinet, and Splunk have released patches for critical- and high-severity vulnerabilities in their products. The post Ivanti, Fortinet, Splunk Release Security Updates appeared first on SecurityWeek.
Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these, 10 are rated Critical
Alleged Chinese State Hacker Wanted by US Arrested in Italy
Xu Zewei has been arrested on charges that he is a member of the Chinese state-sponsored hacking group Hafnium (Silk Typhoon). The post Alleged Chinese State Hacker Wanted by US Arrested in Italy appeared first on SecurityWeek.
South Korean Government Imposes Penalties on SK Telecom for Breach
Following a breach at the country's top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements.
Microsoft Patch Tuesday, July 2025 Edition
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.
Unlock Security Operations Success With Data Analysis
From data fog to threat clarity: Automating security analytics helps security teams stop fighting phantoms and respond to what matters.
AI Trust Score Ranks LLM Security
Startup Tumeryk's AI Trust scorecard finds Google Gemini Pro 2.5 as the most trustworthy, with OpenAI's GPT-4o mini a close second and DeepSeek and Alibaba Qwen scoring lowest.
Appeals court clears path for El Salvadoran journos to sue spyware maker
The court vacated the district courtβs decision to dismiss the case against NSO Group, saying it abused its discretion in doing so. The post Appeals court clears path for El Salvadoran journos to sue spyware maker appeared first on CyberScoop.
Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited
Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol. The post Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited appeared first on CyberScoop.
Adobe Patches Critical Code Execution Bugs
Adobe patches were also released for medium-severity flaws in After Effects, Audition, Dimension, Experience Manager Screens, FrameMaker, Illustrator, Substance 3D Stager, and Substance 3D Viewer. The post Adobe Patches Critical Code Execution Bugs appeared first on SecurityWeek.
Microsoft Patches 137 CVEs in July, but No Zero-Days
Some 17 of the bugs are at high risk for exploits, including multiple remote code execution bugs in Office and SharePoint.
Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday
Patch Tuesday July 2025: Microsoft rolled out fixes for 130 vulnerabilities, including a zero-day in SQL Server. The post Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday appeared first on SecurityWeek.
Malicious Open Source Packages Spike 188% YoY
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.
Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers
The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded. The post Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers appeared first on CyberScoop.
Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials
The warning came after the department discovered that an impostor attempted to reach out to at least three foreign ministers, a U.S. senator and a governor. The post Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials appeared first on SecurityWeek.
Suspected Hacker Linked to Silk Typhoon Arrested in Milan
The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers.
Treasury slaps sanctions on people, companies tied to North Korean IT worker schemes
A North Korean man was the focus of Tuesdayβs announcement, which also included a Russian man, his companies and North Korean firms. The post Treasury slaps sanctions on people, companies tied to North Korean IT worker schemes appeared first on CyberScoop.
Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize the tool for
Legitimate Shellter Pen-Testing Tool Used in Malware Attacks
A stolen copy of Shellter Elite shows how easily legitimate security tools can be repurposed by threat actors when vetting and oversight fail. The post Legitimate Shellter Pen-Testing Tool Used in Malware Attacks appeared first on SecurityWeek.
Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app marketplace. The malware, disguised as a "PDF Update" to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their banking application, claiming
Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework
Application Attack Matrix is a community effort designed to help defenders and organizations better understand and define how attackers use and exploit weaknesses in applications. The post Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework appeared first on CyberScoop.
The Wild West of Agentic AI β An Attack Surface CISOs Canβt Afford to Ignore
As organizations rush to adopt agentic AI, security leaders must confront the growing risk of invisible threats and new attack vectors. The post The Wild West of Agentic AI β An Attack Surface CISOs Canβt Afford to Ignore appeared first on SecurityWeek.
Hackers 'Shellter' Various Stealers in Red-Team Tool to Evade Detection
Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware by leveraging key features of the AV/EDR evasion framework.
4 Critical Steps in Advance of 47-Day SSL/TLS Certificates
With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions.
Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025. First released by 7finney in 2022, Ethcode is a VS Code extension that's used to