Investing in building a human-centric defense involves a combination of adaptive security awareness training, a vigilant and skeptical culture, and the deployment of layered technical controls.
Published on: August 04, 2025 | Source:Cybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subscription-based underground ecosystem that automates the resale and reuse via Telegram APIs, according to a joint
Published on: August 04, 2025 | Source:CISA and FEMA announced two grants of more than $100 million for state, local, and tribal governments looking to improve cybersecurity. The post US Announces $100 Million for State, Local and Tribal Cybersecurity appeared first on SecurityWeek.
Published on: August 04, 2025 | Source:Cisco's latest jailbreak method reveals just how easily sensitive data can be extracted from chatbots trained on proprietary or copyrighted content. The post AI Guardrails Under Fire: Cisco's Jailbreak Demo Exposes AI Weak Points appeared first on SecurityWeek.
Published on: August 04, 2025 | Source:The US Senate voted to confirm Sean Cairncross as the National Cyber Director, five months after nomination. The post Sean Cairncross Confirmed by Senate as National Cyber Director appeared first on SecurityWeek.
Published on: August 04, 2025 | Source:Malware isn't just trying to hide anymore—it's trying to belong. We're seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It's not just about being malicious—it's about being believable.
Published on: August 04, 2025 | Source:An Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers. From an article: According to court documents, Chapman hosted the North Korean IT workers' computers in her own home between October 2020 and October 2023, creating a so-called "laptop farm" which was used to make it appear as though the devices were...
Published on: August 04, 2025 | Source:Some of the most devastating cyberattacks don't rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoticed until long after the attacker has disappeared. Among the most insidious are man-in-the-middle (MITM) attacks, where criminals exploit weaknesses in communication protocols to silently position themselves between two unsuspecting parties
Published on: August 04, 2025 | Source:Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access," Nextron Systems researcher Pierre-Henri Pezier said. Pluggable Authentication Modules
Published on: August 04, 2025 | Source:Northwest Radiologists says the personal information of 350,000 Washington State residents was stolen in a January 2025 data breach. The post Northwest Radiologists Data Breach Impacts 350,000 Washingtonians appeared first on SecurityWeek.
Published on: August 04, 2025 | Source:Everyone's an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don't need to clear it with your team first. It's great for productivity, but it's a serious problem for your security posture. When the floodgates of SaaS and AI opened, IT didn't just get democratized, its security got outpaced. Employees are onboarding apps faster than
Published on: August 04, 2025 | Source:Attackers could silently modify sensitive MCP files to trigger the execution of arbitrary code without requiring user approval. The post Several Vulnerabilities Patched in AI Code Editor Cursor appeared first on SecurityWeek.
Published on: August 04, 2025 | Source:Illumina will pay $9.8 million to settle accusations that products provided to the US government were affected by cybersecurity flaws. The post Gene Sequencing Giant Illumina Settles for $9.8M Over Product Vulnerabilities appeared first on SecurityWeek.
Published on: August 04, 2025 | Source:Threat hunters saw North Korean operatives almost daily, reflecting a 220% year-over-year increase in activity, CrowdStrike said in a new report. The post CrowdStrike investigated 320 North Korean IT worker cases in the past year appeared first on CyberScoop.
Published on: August 04, 2025 | Source:Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic
Published on: August 04, 2025 | Source:The president selected the former RNC, White House and Millennium Challenge Corporation official for the job in February. The post Senate confirms national cyber director pick Sean Cairncross appeared first on CyberScoop.
Published on: August 03, 2025 | Source:Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024. The attacks are characterized by the
Published on: August 02, 2025 | Source:Random numbers are the cornerstone of cryptographic security. As organizations adopt quantum-resistant algorithms, it's equally important to examine the randomness underpinning them.
Published on: August 01, 2025 | Source:What scientists thought were squid fossils were actually arrow worms.
Published on: August 01, 2025 | Source:The flaw, disclosed a month after it was patched, provided an attacker with remote code execution privileges by poisoning the data ingested by the model. The post Cursor's AI coding agent morphed "into local shell" with one-line prompt attack appeared first on CyberScoop.
Published on: August 01, 2025 | Source:Unit 42 said social engineering – the method of choice for groups as diverse as Scattered Spider and North Korean tech workers – was the top initial attack vector over the past year. The post Social engineering attacks surged this past year, Palo Alto Networks report finds appeared first on CyberScoop.
Published on: August 01, 2025 | Source:Dark Reading's 2025 News Desk marks a decade of Black Hat USA memories. We're making our return with a slate of interviews that help you stay up on the latest research from Black Hat – no trip to Las Vegas required.
Published on: August 01, 2025 | Source:Should Gen Z be treated as a separate attack surface within your company? The post Gen Z in the Crosshairs: Cybercriminals Shift Focus to Young, Digital-Savvy Workers appeared first on SecurityWeek.
Published on: August 01, 2025 | Source:Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by AimLabs, which previously disclosed
Published on: August 01, 2025 | Source:Security debt ahoy: Only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time.
Published on: August 01, 2025 | Source:Noteworthy stories that might have slipped under the radar: Microsoft investigates whether the ToolShell exploit was leaked via MAPP, two reports on port cybersecurity, physical backdoor used for ATM hacking attempt. The post In Other News: Microsoft Probes ToolShell Leak, Port Cybersecurity, Raspberry Pi ATM Hack appeared first on SecurityWeek.
Published on: August 01, 2025 | Source:The accusation, the latest from Beijing, says U.S. intelligence agencies attacked two Chinese military enterprises. The post China accuses US of exploiting Microsoft zero-day in cyberattack appeared first on CyberScoop.
Published on: August 01, 2025 | Source:When trying to crack your way into a cyber career, true passion and a bold love of the industry is a must to set yourself apart from hundreds of other job applicants, according to Weave CISO Jessica Sica, in this latest "Career Conversations With a CISO" video.
Published on: August 01, 2025 | Source:By creating a safe environment for open discussion, prioritizing human context alongside technical data, and involving diverse stakeholders, organizations can turn security incidents into accelerators of resilience.
Published on: August 01, 2025 | Source:Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. "The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign," Proofpoint said in a Thursday report. The
Published on: August 01, 2025 | Source:What if malware didn't require an operating system to function? How would anyone possibly notice, let alone disable it?
Published on: August 01, 2025 | Source:Valid, complete reports detailing remote code execution or elevation of privilege bugs in .NET qualify for the maximum rewards. The post Microsoft Boosts .NET Bounty Program Rewards to $40,000 appeared first on SecurityWeek.
Published on: August 01, 2025 | Source:The six-course program covers topics such as AI fundamentals, ethics, and risks.
Published on: August 01, 2025 | Source:Russian state-sponsored APT Secret Blizzard has used ISP-level AitM attacks to infect diplomatic devices with malware. The post Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft appeared first on SecurityWeek.
Published on: August 01, 2025 | Source:Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performance Node.js applications." It was uploaded to npm by a user named "Kodane" on July 28, 2025. The