Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXHackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks
SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain encrypted credentials and configuration data; while encryption remains in place, possession of these files could increase the risk of targeted attacks," the company said. It also noted that it's working to notify all
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More
Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface. This edition of ThreatsDay Bulletin explores these converging risks and the safeguards that help
Realm.Security Raises $15 Million in Series A Funding
The cybersecurity startup will use the investment to accelerate its product development and market expansion efforts. The post Realm.Security Raises $15 Million in Series A Funding appeared first on SecurityWeek.
SaaS Breaches Start with Tokens - What Security Teams Must Watch
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their operations. However, the security of these applications depends on small pieces of data called tokens. Tokens, like
GitHub Copilot Chat Flaw Leaked Data From Private Repositories
Hidden comments allowed full control over Copilot responses and leaked sensitive information and source code. The post GitHub Copilot Chat Flaw Leaked Data From Private Repositories appeared first on SecurityWeek.
Chaos Ransomware Upgrades With Aggressive New C++ Variant
New encryption, wiper, and cryptocurrency-stealing capabilities make the evolving ransomware-as-a-service operation more dangerous than ever.
Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day
The company said there is no evidence that confidential client data was stolen from its systems. The post Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day appeared first on SecurityWeek.
From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine
Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special Communications and Information Protection (SSSCIP) said. "Hackers now employ it not only to generate phishing messages, but some of the malware samples we have analyzed show clear signs of being generated
Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach
The hackers claim the theft of over 2 million photos of government identification documents provided to Discord for age verification. The post Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach appeared first on SecurityWeek.
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the
Vampire Bot Malware Sinks Fangs Into Job Hunters
The campaign is the latest by BatShadow, one of a growing number of cybercrime groups operating out of Vietnam.
Red Hat Hackers Team Up With Scattered Lapsus$ Hunters
Crimson Collective, which recently breached the GitLab instance of Red Hat Consulting, has teamed up with the notorious cybercriminal collective.
Voting groups ask court for immediate halt to Trump adminβs SAVE database overhaul
In a court filing, the groups argued court action was needed to prevent permanent privacy harm from the governmentβs βillegal and secretive consolidation of millions of Americansβ sensitive personal data.β The post Voting groups ask court for immediate halt to Trump adminβs SAVE database overhaul appeared first on CyberScoop.
LockBit, Qilin & DragonForce Join Forces in Ransomware 'Cartel'
The three extortion gangs also invited other e-crime attackers to join their collaboration to share attack information and resources, in the wake of LockBit 5.0 being released.
Framelink Figma MCP Server Opens Orgs to Agentic AI Compromise
Patch now: A bug (CVE-2025-53967) in a third-party option for connecting Figma to agentic AI can lead to remote code execution (RCE).
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company
AI Takes Center Stage at DataTribeβs Cyber Innovation Day
From defending AI agents to teaching robots to move safely, finalists at this yearβs DataTribe Challenge are charting the next frontier in cybersecurity innovation. The post AI Takes Center Stage at DataTribeβs Cyber Innovation Day appeared first on SecurityWeek.
Will AI-SPM Become the Standard Security Layer for Safe AI Adoption?
How security posture management for AI can protect against model poisoning, excessive agency, jailbreaking and other LLM risks. The post Will AI-SPM Become the Standard Security Layer for Safe AI Adoption? appeared first on SecurityWeek.
Flok License Plate Surveillance
The company Flok is surveilling us as we drive: A retired veteran named Lee Schmidt wanted to know how often Norfolk, Virginiaβs 176 Flock Safety automated license-plate-reader cameras were tracking him. The answer, according to a U.S. District Court lawsuit filed in September, was more than four times a day, or 526 times from mid-February to early July. No, thereβs no warrant out for Schmidtβs arrest, nor is there a...
German government says it will oppose EU mass-scanning proposal
Despite fears from privacy advocates, officials from the ruling party said mass-scanning proposals like Chat Control should be βtaboo in a constitutional state.β The post German government says it will oppose EU mass-scanning proposal appeared first on CyberScoop.
Virtual Event Today: Zero Trust & Identity Strategies Summit
Join the virtual event we dive into the world of digital identity management and the role of zero-trust principles and associated technologies. The post Virtual Event Today: Zero Trust & Identity Strategies Summit appeared first on SecurityWeek.
China-Nexus Actors Weaponize 'Nezha' Open Source Tool
A threat actor is putting a spin on classic remote monitoring and management (RMM) attacks, using a Chinese open source tool instead.
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets. The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web
Calling All Influencers: Spear-Phishers Dangle Tesla, Red Bull Jobs
Wanna work for a hot brand? Cyberattackers continue to evolve lures for job seekers in an impersonation campaign aimed at stealing rΓ©sumΓ©s from social media pros.
Google DeepMindβs New AI Agent Finds and Fixes VulnerabilitiesΒ
The new product is called CodeMender and it can rewrite vulnerable code to prevent future exploits. The post Google DeepMindβs New AI Agent Finds and Fixes Vulnerabilities appeared first on SecurityWeek.
Google Offers Up to $20,000 in New AI Bug Bounty Program
The company has updated the programβs scope and has combined the rewards for abuse and security issues into a single table. The post Google Offers Up to $20,000 in New AI Bug Bounty Program appeared first on SecurityWeek.
Step Into the Password Graveyard⦠If You Dare (and Join the Live Session)
Every year, weak passwords lead to millions in losses β and many of those breaches could have been stopped. Attackers donβt need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops Software invite you to a live webinar: β
LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker News. "Announced shortly
North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025
The hackers are believed to have stolen over $6 billion for the Pyongyang regime, financing its military programs. The post North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025 appeared first on SecurityWeek.
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely β Patch Now
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
Radiflow Unveils New OT Security Platform
Radiflow360 provides enhanced visibility, risk management, and incident response capabilities for mid-sized industrial enterprises. The post Radiflow Unveils New OT Security Platform appeared first on SecurityWeek.
DraftKings Warns Users of Credential Stuffing Attacks
Hackers accessed user accounts and compromised names, addresses, phone numbers, email addresses, and other information. The post DraftKings Warns Users of Credential Stuffing Attacks appeared first on SecurityWeek.
No Time to Waste: Embedding AI to Cut Noise and Reduce Risk
Artificial intelligence is reshaping cybersecurity on both sides of the battlefield. Cybercriminals are using AI-powered tools to accelerate and automate attacks at a scale defenders have never faced before. Security teams are overwhelmed by an explosion of vulnerability data, tool outputs, and alerts, all while operating with finite human resources. The irony is that while AI has become a
Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching
Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks. The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek.