Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
'Elusive Comet' Attackers Use Zoom to Swindle Victims
The threat actor uses sophisticated social engineering techniques to infect a victim's device, either with an infostealer or remote access Trojan (RAT).
Published on: April 21, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hackย
Microsoft security chief Charlie Bell says the SFI's 28 objectives are โnear completionโ and that 11 others have made โsignificant progress.โ The post Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hack appeared first on SecurityWeek.
Published on: April 21, 2025 | Source:Nation-State Threats Put SMBs in Their Sights
Cyberthreat groups increasingly see small and medium-sized businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services.
Published on: April 21, 2025 | Source:Judge limits evidence about NSO Group customers, victims in damages trial
The ruling strikes at NSO Groupโs fundamental strategy in the case, one observer noted. The post Judge limits evidence about NSO Group customers, victims in damages trial appeared first on CyberScoop.
Published on: April 21, 2025 | Source:Can Cybersecurity Weather the Current Economic Chaos?
Cybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession.
Published on: April 21, 2025 | Source:Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan
Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through
Published on: April 21, 2025 | Source:Multiple top CISA officials behind โSecure by Designโ resignย
In a statement to CyberScoop, acting Director Bridget Bean said that encouraging the private sector to build more secure products will continue to be a priority at the agency. The post Multiple top CISA officials behind โSecure by Designโ resign appeared first on CyberScoop.
Published on: April 21, 2025 | Source:ASUS Urges Users to Patch AiCloud Router Vuln Immediately
The vulnerability is only found in the vendor's router series and can be triggered by an attacker using a crafted request โ all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.
Published on: April 21, 2025 | Source:North Korean Cryptocurrency Thieves Caught Hijacking Zoom โRemote Controlโ Feature
North Korean cryptocurrency thieves abusing Zoom Remote collaboration feature to target cryptocurrency traders with malware. The post North Korean Cryptocurrency Thieves Caught Hijacking Zoom โRemote Controlโ Feature appeared first on SecurityWeek.
Published on: April 21, 2025 | Source:SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to
Published on: April 21, 2025 | Source:The Global AI Race: Balancing Innovation and Security
The AI security race is on โ and it will be won where defenders come together with developers and researchers to do things right.
Published on: April 21, 2025 | Source:Kenzo Security Raises $4.5 Million for Agentic AI Security Operations Platform
Kenzo Security has emerged from stealth mode after 18 months of developing its agentic AI security platform. The post Kenzo Security Raises $4.5 Million for Agentic AI Security Operations Platform appeared first on SecurityWeek.
Published on: April 21, 2025 | Source:Bot Traffic Surpasses Humans OnlineโDriven by AI and Criminal Innovation
With 51% of internet traffic now bot-driven and a growing share of it malicious, organizations must prepare for an era of more evasive, AI-assisted automation. The post Bot Traffic Surpasses Humans OnlineโDriven by AI and Criminal Innovation appeared first on SecurityWeek.
Published on: April 21, 2025 | Source:5 Reasons Device Management Isn't Device Trustโ
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors โ credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture. The solution is more complex. For this article, weโll focus on the device threat vector. The risk they pose is significant, which is why device
Published on: April 21, 2025 | Source:Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare
Countries around the world are preparing for greater digital conflict as increasing global tensions and a looming trade war have raised the stakes. The post Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare appeared first on SecurityWeek.
Published on: April 21, 2025 | Source:โก THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes โ and thatโs exactly what we saw in last weekโs activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps โ like a misconfigured pipeline, a trusted browser feature,
Published on: April 21, 2025 | Source:โก Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes โ and thatโs exactly what we saw in last weekโs activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps โ like a misconfigured pipeline, a trusted browser feature,
Published on: April 21, 2025 | Source:Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote Hacking
Lantronixโs XPort device is affected by a critical vulnerability that can be used for takeover and disruption, including in the energy sector. The post Lantronix Device Used in Critical Infrastructure Exposes Systems to Remote Hacking appeared first on SecurityWeek.
Published on: April 21, 2025 | Source:Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organizations worldwide, according to a two-part analysis published by Trustwave SpiderLabs last week. "Net
Published on: April 21, 2025 | Source:APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that's targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool
Published on: April 20, 2025 | Source:Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain
Published on: April 19, 2025 | Source:ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. "An improper authentication control vulnerability exists in certain ASUS router firmware series,"
Published on: April 19, 2025 | Source:Friday Squid Blogging: Live Colossal Squid Filmed
A live colossal squid was filmed for the first time in the ocean. Itโs only a juvenile: a foot long. As usual, you can also use this squid post to talk about the security stories in the news that I havenโt covered.
Published on: April 18, 2025 | Source:Could Ransomware Survive Without Cryptocurrency?
Threat actors would be at least temporarily derailed, experts say. But the real issue ladders back to organizationsโ weak cyber hygiene.
Published on: April 18, 2025 | Source:AWWA Supports Introduction of Collaborative Cybersecurity Legislation
Published on: April 18, 2025 | Source:
Organizations Fix Less Than Half of All Exploitable Vulnerabilities, With Just 21% of GenAI App Flaws Resolved
Published on: April 18, 2025 | Source:
Attackers and Defenders Lean on AI in Identity Fraud Battle
Identity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire.
Published on: April 18, 2025 | Source:Chinese APT Mustang Panda Debuts 4 New Attack Tools
The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.
Published on: April 18, 2025 | Source:The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools
With unapproved AI tools entrenched in daily workflows, experts say itโs time to shift from monitoring to managing Shadow AI use across the enterprise. The post The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools appeared first on SecurityWeek.
Published on: April 18, 2025 | Source:CISA Weighs In on Alleged Oracle Cloud Breach
The agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers.
Published on: April 18, 2025 | Source:Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by 'Wang Duo Yu,'" Cisco Talos researchers Azim Khodjibaev, Chetan
Published on: April 18, 2025 | Source:If Boards Don't Fix OT Security, Regulators Will
Around the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won't drive up security maturity for operational technology unless they're made to.
Published on: April 18, 2025 | Source:Apple Zero-Days Under 'Sophisticated Attack,' but Details Lacking
The technology giant said two zero-day vulnerabilities were used in attacks on iOS devices against "specific targeted individuals," which suggests spyware or nation-state threat activity.
Published on: April 18, 2025 | Source:Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution," Palo Alto Networks Unit 42 researcher Saqib Khanzada said in a technical write-up of the campaign. The
Published on: April 18, 2025 | Source:In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged
Noteworthy stories that might have slipped under the radar: 4chan hacked, auto-reboot security feature coming to Android, Iranian administrator of Nemesis charged in US. The post In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged appeared first on SecurityWeek.
Published on: April 18, 2025 | Source: