Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host
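Two checks a practitioner would want after reading the Sudo item, as an added example that is not from the article or the sudo project: flag a sudo build older than the fixed release the advisory names (1.9.17p1), and list sudoers user specifications whose host field is anything other than ALL, since the advisory ties CVE-2025-32462 to a sudoers file that specifies a host. The version parser reads the first line of `sudo --version`; the sudoers rules are parsed with a deliberately simplified reader that treats a Host_Alias name as a host-restricted rule rather than expanding it (an assumption of this example, not sudo's behaviour). The sample sudoers text is constructed.

```python
"""Sudo version and sudoers host-field check (added example, constructed data)."""
import re
import subprocess
from typing import List, Optional, Tuple

FIXED_VERSION = "1.9.17p1"  # first release named as fixed in the advisory

# Constructed sample, not a real host's file.
SAMPLE_SUDOERS = """\
# constructed sample sudoers
Defaults env_reset
Host_Alias WEB = webhost, webhost2
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
alice webhost = (root) /usr/bin/systemctl restart nginx
bob WEB = (root) /usr/bin/systemctl status nginx
@includedir /etc/sudoers.d
"""


def parse_sudo_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn 'Sudo version 1.9.16p2' into (1, 9, 16, 2).

    A release without a 'pN' suffix is patch level 0, which correctly sorts
    1.9.17 before 1.9.17p1.  Returns None if no version string is present.
    """
    m = re.search(r"[Ss]udo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if not m:
        return None
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release), int(patch or 0))


def is_before_fix(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the parsed version is strictly older than the fixed release."""
    found = parse_sudo_version(version_text)
    if found is None:
        raise ValueError("could not parse a sudo version from %r" % version_text)
    return found < parse_sudo_version("Sudo version " + fixed)


def host_restricted_rules(sudoers_text: str) -> List[str]:
    """Return user specifications whose host field is not ALL.

    Skips comments, blank lines, @include directives, Defaults lines and
    alias definitions.  Alias names in the host position (e.g. WEB) are
    reported as-is rather than expanded; that simplification is an
    assumption of this example.
    """
    hits = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#@" or line.startswith("Defaults"):
            continue
        if re.match(r"(User|Runas|Host|Cmnd)_Alias\b", line):
            continue
        if "=" not in line:
            continue
        lhs = line.split("=", 1)[0].split()  # tokens before '=': users..., host
        if len(lhs) < 2:
            continue
        if lhs[-1].upper() != "ALL":
            hits.append(line)
    return hits


def check_local_sudo() -> Optional[bool]:
    """Run `sudo --version` on this machine; None if sudo is not installed."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    return is_before_fix(out)


if __name__ == "__main__":
    print("local sudo older than %s: %s" % (FIXED_VERSION, check_local_sudo()))
    for rule in host_restricted_rules(SAMPLE_SUDOERS):
        print("host-restricted rule:", rule)
```

A version below the fixed release is only one of the two preconditions the teaser names; the host-field scan narrows attention to the rules that make the sudoers side of the condition true, and a clean scan of /etc/sudoers still leaves /etc/sudoers.d to be checked the same way.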
Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.
Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were idle to passively send information to the company. The verdict marks an end to a legal class-action complaint that was originally filed in August 2019. In their lawsuit, the plaintiffs argued that Google's Android operating system
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.
A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have
French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities. The post China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year appeared first on CyberScoop.
Deloitte's new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees.
As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.
Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.
A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts. The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.
Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root. The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.
Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report. The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to...
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox
If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today's reality is different. Modern security operations teams face a
SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor. The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek.
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of
Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to log in to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score
Passengers' personal information was likely accessed via a third-party platform used at a call center, but didn't include passport or credit card info.
Attackers can abuse malicious extensions to access critical data, including credentials, but organizations can reduce the risks by raising awareness and enforcing strict policy controls.
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking into the same network.
In the past, the bulletproof hosting group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.
Analyzing binary code helps vendors and organizations detect security threats and zero-day vulnerabilities in the software supply chain, but it doesn't come without challenges. It looks like AI has come to the rescue.
A Russian APT known as "Gamaredon" is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine.
A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware.
Brett Leatherman told CyberScoop in an interview that while the group still poses a threat, the bureau is focused on resilience and victim support, and going on offense could be in the future. The post Top FBI cyber official: Salt Typhoon ‘largely contained’ in telecom networks appeared first on CyberScoop.
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. "Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,"
The ever-growing volume of vulnerabilities and threats requires organizations to remain resilient and anti-fragile — that is, to be able to proactively respond to issues and continuously improve.
Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger. The post Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response appeared first on SecurityWeek.
The United States has warned of continued Iranian cyberattacks following American strikes on Iran’s nuclear facilities. The post US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’ appeared first on SecurityWeek.
By using social engineering tactics, threat actors are able to manipulate their victims into saving and renaming files that will backfire against them.
As Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow. The post Kelly Benefits Data Breach Impacts 550,000 People appeared first on SecurityWeek.
A whole class of speculative execution attacks against CPUs was published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in a 20% performance boost. After discussion between...
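Before accepting or reversing such a trade-off on a given machine, the practical check is what the kernel itself reports. The following is an added example, not code from the post or from Ubuntu: it reads the per-vulnerability status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities/ and groups them by state. The page does not say which protections Ubuntu disabled, and this script infers nothing about that; the sample snapshot below is constructed to exercise each status shape, not captured from any real system.

```python
"""Summarize speculative-execution mitigation status from sysfs (added example)."""
from pathlib import Path
from typing import Dict, List

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed snapshot covering the status shapes the kernel uses:
# "Mitigation: ...", "Vulnerable[: ...]", "Not affected", and other text.
SAMPLE_STATUS = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled; RSB filling",
    "meltdown": "Mitigation: PTI",
    "spec_store_bypass": "Vulnerable",
    "mds": "Not affected",
    "gather_data_sampling": "Unknown: Dependent on hypervisor status",
}


def classify(status: str) -> str:
    """Map one status line to a coarse state; prefix order matters because
    'Vulnerable: ...' and 'Not affected' both appear with trailing detail."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def summarize(entries: Dict[str, str]) -> Dict[str, List[str]]:
    """Group vulnerability file names by the state the kernel reports."""
    groups: Dict[str, List[str]] = {
        "vulnerable": [], "mitigated": [], "not_affected": [], "unknown": []}
    for name, status in sorted(entries.items()):
        groups[classify(status)].append(name)
    return groups


def read_sysfs(directory: Path = SYSFS_DIR) -> Dict[str, str]:
    """Read every status file in the sysfs directory; empty if it is absent
    (non-Linux host, or a container that hides sysfs)."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text().strip()
            for p in sorted(directory.iterdir()) if p.is_file()}


if __name__ == "__main__":
    live = read_sysfs()
    for state, names in summarize(live or SAMPLE_STATUS).items():
        print("%-13s %s" % (state + ":", ", ".join(names) or "-"))
```

Entries in the "vulnerable" group are the ones a performance-motivated change would have produced; compare the output before and after any kernel or boot-parameter change rather than trusting the distribution's description of what was turned off.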
With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge devices and VPN gateways have risen from 3% to 22%, according to