More than 30 companies announced a total of $1.7 billion in funding in weeks leading up to the industry's largest gathering. The post Cybersecurity Firms Raise Over $1.7 Billion Ahead of RSA Conference 2025 appeared first on SecurityWeek.
Published on: April 29, 2025 | Source:
From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity.
Published on: April 29, 2025 | Source:
The number of exploited zero-days seen by Google in 2024 dropped to 75, from 98 observed in the previous year. The post Google Tracked 75 Zero-Days in 2024 appeared first on SecurityWeek.
Published on: April 29, 2025 | Source:
This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats language models as fundamentally untrusted components within a secure software framework, creating clear boundaries between...
Published on: April 29, 2025 | Source:
Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco. The post RSA Conference 2025 Announcements Summary (Day 1) appeared first on SecurityWeek.
Published on: April 29, 2025 | Source:
Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can generate reports, comb through data, or get instant answers just by asking Copilot. However,
Published on: April 29, 2025 | Source:
More than 400 SAP NetWeaver servers are impacted by CVE-2025-31324, an exploited remote code execution vulnerability. The post Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks appeared first on SecurityWeek.
Published on: April 29, 2025 | Source:
Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023 but an increase from 63 the year before. Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances. "Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for
Published on: April 29, 2025 | Source:
The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.
Published on: April 29, 2025 | Source:
In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur
Published on: April 29, 2025 | Source:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-1976 (CVSS score: 8.6) - A code injection flaw
Published on: April 29, 2025 | Source:
Lawmakers say the ROUTERS Act is critical to understanding vulnerabilities in devices exploited by Chinese hackers and other adversaries. The post House passes bill to study routers' national security risks appeared first on CyberScoop.
Published on: April 28, 2025 | Source:
CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.
Published on: April 28, 2025 | Source:
The letter, released through the Electronic Frontier Foundation, calls Trump's executive order "retaliatory." The post Cybersecurity experts issue response to Trump order targeting Chris Krebs, SentinelOne appeared first on CyberScoop.
Published on: April 28, 2025 | Source:
The company doesn't keep logs, so couldn't turn over data: Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the service. The case centred around a Windscribe-owned server in...
Published on: April 28, 2025 | Source:
"It's practically taboo" for cyber firms to talk about being targeted, but SentinelLabs said in a new report that it has observed multiple threats. The post Cybersecurity vendors are themselves under attack by hackers, SentinelOne says appeared first on CyberScoop.
Published on: April 28, 2025 | Source:
Palo Alto Networks is acquiring AI security company Protect AI in a deal previously estimated at $650-700 million. The post Palo Alto Networks to Acquire AI Security Firm Protect AI appeared first on SecurityWeek.
Published on: April 28, 2025 | Source:
Zero-trust network security solutions provider NetFoundry has raised $12 million in funding from SYN Ventures. The post NetFoundry Raises $12 Million for Network Security Solutions appeared first on SecurityWeek.
Published on: April 28, 2025 | Source:
This tension between hard-edged risk realism and breathless AI evangelism sets an unmistakable tone for a bellwether conference where 40,000-plus gather to do business. The post JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference appeared first on SecurityWeek.
Published on: April 28, 2025 | Source:
Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.
Published on: April 28, 2025 | Source:
Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites. The post Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites appeared first on SecurityWeek.
Published on: April 28, 2025 | Source:
Security teams are under more pressure than ever - and cybersecurity debt is adding fuel to the fire. While it can't be eliminated overnight, it can be managed.
Published on: April 28, 2025 | Source:
VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack. The post 4 Million Affected by VeriSource Data Breach appeared first on SecurityWeek.
Published on: April 28, 2025 | Source:
The Department of Justice has announced compliance rules for its Data Security Program that will require organizations to reexamine how they do business and with whom.
Published on: April 28, 2025 | Source:
The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom.
Published on: April 28, 2025 | Source:
What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting - from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security
Published on: April 28, 2025 | Source:
Planet Technology industrial switches and network management products are affected by several critical vulnerabilities. The post Critical Vulnerabilities Found in Planet Technology Industrial Networking Products appeared first on SecurityWeek.
Published on: April 28, 2025 | Source:
Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder's bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents. 1. Stealing AWS Credentials with a Redirect Server-Side Request Forgery (SSRF) is a
Published on: April 28, 2025 | Source:
Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco. The post RSA Conference 2025 - Pre-Event Announcements Summary (Part 3) appeared first on SecurityWeek.
Published on: April 28, 2025 | Source:
Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.
Published on: April 28, 2025 | Source:
MTN Group says the personal information of certain customers was compromised in a cybersecurity incident. The post African Telecom Giant MTN Group Discloses Data Breach appeared first on SecurityWeek.
Published on: April 28, 2025 | Source:
Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the
Published on: April 28, 2025 | Source:
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running
Published on: April 28, 2025 | Source:
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities - CVE-2024-58136 (CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP
Published on: April 28, 2025 | Source:
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis. The tech giant noted that
Published on: April 27, 2025 | Source: