Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
RSA Conference 2025 β Pre-Event Announcements Summary (Part 1)Β
Hundreds of companies are showcasing their products and services at the 2025 edition of the RSA Conference in San Francisco. The post RSA Conference 2025 β Pre-Event Announcements Summary (Part 1) appeared first on SecurityWeek.
Published on: April 24, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Jericho Security Gets $15 Million for AI-Powered Awareness Training
Jericho Security has raised $15 million in Series A funding for its AI-powered employee cybersecurity training platform. The post Jericho Security Gets $15 Million for AI-Powered Awareness Training appeared first on SecurityWeek.
Published on: April 24, 2025 | Source:Verizon DBIR Flags Major Patch Delays on VPNs, Edge AppliancesΒ
The latest Verizon DBIR landed this week with a startling statistic about the security posture of VPNs and network edge devices. The post Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances appeared first on SecurityWeek.
Published on: April 24, 2025 | Source:Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
Published on: April 24, 2025 | Source:Navigating Regulatory Shifts & AI Risks
By proactively embracing emerging trends around encryption, AI security, and platform consolidation, organizations can turn compliance burdens into competitive advantage.
Published on: April 24, 2025 | Source:Push Security Raises $30 Million in Series B Funding
Push Security has raised $30 million in Series B funding to scale its browser-based identity security platform. The post Push Security Raises $30 Million in Series B Funding appeared first on SecurityWeek.
Published on: April 24, 2025 | Source:Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allows a user application to perform various actions without using system calls," the company said in
Published on: April 24, 2025 | Source:Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign
The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector
Published on: April 24, 2025 | Source:Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a fresh report shared with The Hacker News.
Published on: April 24, 2025 | Source:AI-Powered Polymorphic Phishing Is Changing the Threat Landscape
Combined with AI, polymorphic phishing emails have become highly sophisticated, creating more personalized and evasive messages that result in higher attack success rates. The post AI-Powered Polymorphic Phishing Is Changing the Threat Landscape appeared first on SecurityWeek.
Published on: April 24, 2025 | Source:Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without
Published on: April 24, 2025 | Source:Blue Shield of California Data Breach Impacts 4.7 Million People
Blue Shield of California says a website misconfiguration exposed the health information of its members to Google. The post Blue Shield of California Data Breach Impacts 4.7 Million People appeared first on SecurityWeek.
Published on: April 24, 2025 | Source:Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw
Cisco is investigating the impact of the Erlang/OTP remote code execution vulnerability CVE-2025-32433 on its products. The post Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw appeared first on SecurityWeek.
Published on: April 24, 2025 | Source:5.5 Million Patients Affected by Data Breach at Yale New Haven HealthΒ
Yale New Haven Health System recently discovered that the personal information of millions of patients was stolen from its systems. The post 5.5 Million Patients Affected by Data Breach at Yale New Haven Health appeared first on SecurityWeek.
Published on: April 24, 2025 | Source:WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads
WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said in a statement. The optional feature
Published on: April 24, 2025 | Source:'Industrial-Scale' Asian Scam Centers Expand Globally
The convergence of cybercrime, financial fraud, and organized crime poses a significant threat, especially where these syndicates excel at operating under the radar.
Published on: April 24, 2025 | Source:Microsoft Claims Steady Progress Revamping Security Culture
In the latest "Secure Future Initiative" progress report, Microsoft describes efforts to rebuild its security culture, including making security a core priority for employees during performance reviews and launching a new Secure by Design UX Toolkit.
Published on: April 23, 2025 | Source:Attackers hit security device defects hard in 2024
Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network edge devices. The post Attackers hit security device defects hard in 2024 appeared first on CyberScoop.
Published on: April 23, 2025 | Source:Ransomware Gangs Innovate With New Affiliate Models
Secureworks research shows two ransomware operators offering multiple business models with ransomware-as-a-service, mimicking the structures and processes of legitimate businesses.
Published on: April 23, 2025 | Source:DOGE Workerβs Code Supports NLRB Whistleblower
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably...
Published on: April 23, 2025 | Source:Attackers Capitalize on Mistakes to Target Schools
Verizon's "2025 Data Breach Investigations Report" highlights dire β but not new β trends in the education sector, where faculty and staff continue to fall for social engineering campaigns and make simple security errors.
Published on: April 23, 2025 | Source:North Korean Operatives Use Deepfakes in IT Job Interviews
Use of synthetic identities by malicious employment candidates is yet another way state-sponsored actors are trying to game the hiring process and infiltrate Western organizations.
Published on: April 23, 2025 | Source:10 key numbers from the 2024 FBI IC3 report
The yearly report from the bureau is filled with stats. We pulled out the most interesting ones. The post 10 key numbers from the 2024 FBI IC3 report appeared first on CyberScoop.
Published on: April 23, 2025 | Source:Japan Warns on Unauthorized Stock Trading via Stolen Credentials
Attackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they've been hacked.
Published on: April 23, 2025 | Source:Kubernetes Pods Are Inheriting Too Many Permissions
Scalable, effective β and best of all, free β securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS.
Published on: April 23, 2025 | Source:DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
Multiple threat activity clusters with ties to North Korea (aka Democratic People's Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea," Google-owned Mandiant said in
Published on: April 23, 2025 | Source:Regulating AI Behavior with a Hypervisor
Interesting research: βGuillotine: Hypervisors for Isolating Malicious AIs.β Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI modelsβmodels that, by accident or malice, can generate existential threats...
Published on: April 23, 2025 | Source:Ethical Zero Day Marketplace Desired Effect Emerges From Stealth
Desired Effect provides an ethical vulnerability exchange marketplace to help defenders get ahead of attackers. The post Ethical Zero Day Marketplace Desired Effect Emerges From Stealth appeared first on SecurityWeek.
Published on: April 23, 2025 | Source:The Foundations of a Resilient Cyber Workforce
In a world where insider threats, nation-state adversaries, and technological evolution create new challenges, companies must prioritize transparency, ethical leadership, and a culture rooted in trust.
Published on: April 23, 2025 | Source:Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation
The cash infusion brings Chainguardβs total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion. The post Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation appeared first on SecurityWeek.
Published on: April 23, 2025 | Source:Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign
The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a "complex
Published on: April 23, 2025 | Source:Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in an
Published on: April 23, 2025 | Source:Picnic Corporation Rebrands to VanishID, Raises $10 Million
Picnic Corporation has rebranded to VanishID and announced the launch of a CEO privacy and security offering. The post Picnic Corporation Rebrands to VanishID, Raises $10 Million appeared first on SecurityWeek.
Published on: April 23, 2025 | Source:Three Reasons Why the Browser is Best for Stopping Phishing Attacks
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary
Published on: April 23, 2025 | Source:Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code
Published on: April 23, 2025 | Source: