Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXIn Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update
Noteworthy stories that might have slipped under the radar: Norwegian dam hacked, AT&T agrees to $177 million data breach settlement, Whole Foods distributor restores systems after attack. The post In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update appeared first on SecurityWeek.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Vulnerability Debt: How Do You Put a Price on What to Fix?
Putting a vulnerability debt figure together involves work, but having vulnerability debt figures lets you measure real-world values against your overall security posture.
PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack
A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama,
US Falling Behind China in Exploit Production
Cyber operations have become critical to national security, but the United States has fallen behind in one significant area β exploit production βwhile China has built up a significant lead.
Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike OutageΒ
Microsoft is preparing a private preview of new Windows endpoint security platform capabilities to help antimalware vendors create solutions that run outside the kernel. The post Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage appeared first on SecurityWeek.
The Age of Integrity
We need to talk about data integrity. Narrowly, the term refers to ensuring that data isnβt tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks. More broadly, integrity refers to ensuring that data is correct and accurate from the point it...
Business Case for Agentic AI SOC Analysts
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Todayβs security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor.
RevEng.ai Raises $4.15 Million to Secure Software Supply Chain
RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software. The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek.
Chinese Hackers Target Chinese Users With RAT, Rootkit
China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit. The post Chinese Hackers Target Chinese Users With RAT, Rootkit appeared first on SecurityWeek.
Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability
The Citrix NetScaler vulnerability tracked as CitrixBleed 2 and CVE-2025β5777 may be exploited in the wild for initial access. The post Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability appeared first on SecurityWeek.
Vulnerability Exposed All Open VSX Repositories to Takeover
A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository. The post Vulnerability Exposed All Open VSX Repositories to Takeover appeared first on SecurityWeek.
Microsoft 365 Direct Send Abused for Phishing
Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls. The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek.
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025βsuggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data
OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious," Trellix researchers Nico Paulo
'Cyber Fattah' Hacktivist Group Leaks Saudi Games Data
As tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape.
'IntelBroker' Suspect Arrested, Charged in High-Profile Breaches
A British national arrested earlier this year in France was charged by the US Department of Justice in connection with a string of major cyberattacks.
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control
Bipartisan Bill Aims to Block Chinese AI From Federal Agencies
The proposal seeks to ban all use of the technology in the U.S. government, with exceptions for use in research and counterterrorism efforts. The post Bipartisan Bill Aims to Block Chinese AI From Federal Agencies appeared first on SecurityWeek.
Notorious cybercriminal βIntelBrokerβ arrested in France, awaits extradition to US
Kai West, a 25-year-old British national, is accused of stealing data from more than 40 organizations during a two-year spree. The post Notorious cybercriminal βIntelBrokerβ arrested in France, awaits extradition to US appeared first on CyberScoop.
[Virtual Event] Strategic Security for the Modern Enterprise
How Geopolitical Tensions Are Shaping Cyber Warfare
In today's cyber battlefield, resilience starts with readiness, and the cost of falling short increases by the day.
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even
Man Who Hacked Organizations to Advertise Security Services Pleads Guilty
Nicholas Michael Kloster has pleaded guilty to computer hacking after targeting at least two organizations. The post Man Who Hacked Organizations to Advertise Security Services Pleads Guilty appeared first on SecurityWeek.
Bonfy.AI Raises $9.5 Million for Adaptive Content Security Platform
Bonfy.AI has emerged from stealth mode to help organizations prevent cybersecurity, privacy and compliance risks. The post Bonfy.AI Raises $9.5 Million for Adaptive Content Security Platform appeared first on SecurityWeek.
White House Bans WhatsApp
Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the βOffice of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.β TechCrunch has more commentary, but no more information.
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
SaaS Adoption is Skyrocketing, Resilience Hasnβt Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesnβt. These platforms werenβt built with full-scale data
CISA Warns AMI BMC Vulnerability Exploited in the Wild
CISA is urging federal agencies to patch a recent AMI BMC vulnerability and a half-a-decade-old bug in FortiOS by July 17. The post CISA Warns AMI BMC Vulnerability Exploited in the Wild appeared first on SecurityWeek.
ESET Threat Report H1 2025
A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Central Kentucky Radiology Data Breach Impacts 167,000
The personal information of 167,000 individuals was compromised in an October 2024 data breach at Central Kentucky Radiology. The post Central Kentucky Radiology Data Breach Impacts 167,000 appeared first on SecurityWeek.
Critical Cisco ISE Vulnerabilities Allow Remote Code ExecutionΒ
Two critical vulnerabilities in Cisco ISE could allow remote attackers to execute arbitrary code with root privileges. The post Critical Cisco ISE Vulnerabilities Allow Remote Code Execution appeared first on SecurityWeek.
Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks
An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. "In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to
British Man Suspected of Being the Hacker IntelBroker Arrested, Charged
25-year-old Kai West, believed to be the hacker IntelBroker, was arrested in France and charged by the United States. The post British Man Suspected of Being the Hacker IntelBroker Arrested, Charged appeared first on SecurityWeek.
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa
Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where "CL" refers to "cluster" and "CRI" stands for "criminal motivation." It's suspected