Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Events Giant Legends International Hacked
Legends International says the personal information of employees and customers was compromised as a result of a cyberattack. The post Events Giant Legends International Hacked appeared first on SecurityWeek.
Published on: April 18, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Ahold Delhaize Confirms Data Stolen in Ransomware Attack
Ahold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack. The post Ahold Delhaize Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Published on: April 18, 2025 | Source:[Webinar] AI Is Already Inside Your SaaS Stack β Learn How to Prevent the Next Silent Breach
Your employees didnβt mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big dealβuntil it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And
Published on: April 18, 2025 | Source:Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.
Published on: April 18, 2025 | Source:CVE-2025-24054 Under Active AttackβSteals NTLM Credentials on File Download
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
Published on: April 18, 2025 | Source:Dogged by Trump, Chris Krebs Resigns From SentinelOne
The president revoked the former CISA director's security clearance, half a decade after Krebs challenged right-wing election disinformation, prompting his eventual resignation.
Published on: April 17, 2025 | Source:PromptArmor Launches to Help Assess, Monitor Third-Party AI Risks
The AI security startup has already made waves with critical vulnerability discoveries and seeks to address emerging AI concerns with its PromptArmor platform.
Published on: April 17, 2025 | Source:House investigation into DeepSeek teases out funding, security realities around Chinese AI tool
A new report fleshes out the resources that went into building DeepSeekβs R1 reasoning model and potential risks to U.S. economic and national security. The post House investigation into DeepSeek teases out funding, security realities around Chinese AI tool appeared first on CyberScoop.
Published on: April 17, 2025 | Source:Age Verification Using Facial Scans
Discord is testing the feature: βWeβre currently running tests in select regions to age-gate access to certain spaces or user settings,β a spokesperson for Discord said in a statement. βThe information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution our vendor uses operates on-device, which means...
Published on: April 17, 2025 | Source:Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects
Minh Phuong Ngoc Vong pleaded guilty to defrauding US companies of roughly $1 million in a fake IT worker scheme. The post Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects appeared first on SecurityWeek.
Published on: April 17, 2025 | Source:Man Helped Individuals in China Get Jobs Involving Sensitive US Government Projects
Minh Phuong Ngoc Vong pleaded guilty to defrauding US companies of roughly $1 million in a fake IT worker scheme. The post Man Helped Individuals in China Get Jobs Involving Sensitive US Government Projects appeared first on SecurityWeek.
Published on: April 17, 2025 | Source:CVE Program Cuts Send the Cyber Sector Into Panic Mode
After threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute β extending its government contract for another 11 months. After that, it looks like it's up to the private sector to find the cash to keep it going.
Published on: April 17, 2025 | Source:Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
Published on: April 17, 2025 | Source:Chris Krebs resigns from SentinelOne to focus on fighting Trumpβs executive order
The former CISA director departed the cybersecurity company in response to the order, which directs DOJ to investigate him. The post Chris Krebs resigns from SentinelOne to focus on fighting Trumpβs executive order appeared first on CyberScoop.
Published on: April 17, 2025 | Source:Cybersecurity by Design: When Humans Meet Technology
If security tools are challenging to use, people will look for workarounds to get around the restrictions.
Published on: April 17, 2025 | Source:Demystifying Security Posture Management
While the Security Posture Management buzz is real, its long-term viability depends on whether it can deliver measurable outcomes without adding more complexity. The post Demystifying Security Posture Management appeared first on SecurityWeek.
Published on: April 17, 2025 | Source:35 countries use Chinese networks for transporting mobile user traffic, posing cyber risks
An analysis from iVerify found U.S. allies on the list where mobile providers employ China-based networks. The post 35 countries use Chinese networks for transporting mobile user traffic, posing cyber risks appeared first on CyberScoop.
Published on: April 17, 2025 | Source:Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking
Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH. The post Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking appeared first on SecurityWeek.
Published on: April 17, 2025 | Source:Why βOne Communityβ Resonates in Cybersecurity
Our collective voices and one community will provide the intelligence we need to safeguard our businesses in todayβs modern digital environment. The post Why βOne Communityβ Resonates in Cybersecurity appeared first on SecurityWeek.
Published on: April 17, 2025 | Source:State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),
Published on: April 17, 2025 | Source:Artificial Intelligence β What's all the fuss?
Talking about AI: Definitions Artificial Intelligence (AI) β AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning. Machine
Published on: April 17, 2025 | Source:CISA Issues Guidance After Oracle Cloud Hack
CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack. The post CISA Issues Guidance After Oracle Cloud Hack appeared first on SecurityWeek.
Published on: April 17, 2025 | Source:Chinese APT Mustang Panda Updates, Expands Arsenal
The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack. The post Chinese APT Mustang Panda Updates, Expands Arsenal appeared first on SecurityWeek.
Published on: April 17, 2025 | Source:Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. "The vulnerability allows an attacker with network access to an Erlang/OTP SSH server
Published on: April 17, 2025 | Source:Blockchain Offers Security Benefits β But Don't Neglect Your Passwords
Blockchain is best known for its use in cryptocurrencies like Bitcoin, but it also holds significant applications for online authentication. As businesses in varying sectors increasingly embrace blockchain-based security tools, could the technology one day replace passwords? How blockchain works Blockchain is a secure way to maintain, encrypt, and exchange digital records of transactions.
Published on: April 17, 2025 | Source:SonicWall Flags Old Vulnerability as Actively Exploited
A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild. The post SonicWall Flags Old Vulnerability as Actively Exploited appeared first on SecurityWeek.
Published on: April 17, 2025 | Source:CapCut copycats are on the prowl
Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead
Published on: April 17, 2025 | Source:Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers
Microsoft is calling attention to an ongoing malvertising campaign that makes use of Node.js to deliver malicious payloads capable of information theft and data exfiltration. The activity, first detected in October 2024, uses lures related to cryptocurrency trading to trick users into installing a rogue installer from fraudulent websites that masquerade as legitimate software like Binance or
Published on: April 17, 2025 | Source:MITRE Hackersβ Backdoor Has Targeted Windows for Years
Windows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years. The post MITRE Hackersβ Backdoor Has Targeted Windows for Years appeared first on SecurityWeek.
Published on: April 17, 2025 | Source:Middle East, North Africa Security Spending to Top $3B
Gartner projects IT security spending in the MENA region will continue to increase in 2025, with security services accounting for the most growth.
Published on: April 17, 2025 | Source:CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection
Published on: April 17, 2025 | Source:Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
Published on: April 17, 2025 | Source:GPS Spoofing Attacks Spike in Middle East, Southeast Asia
An Indian disaster-relief flight delivering aid is the latest air-traffic incident, as attacks increase in the Middle East and Myanmar and along the India-Pakistan border.
Published on: April 17, 2025 | Source:Krebs Exits SentinelOne After Security Clearance Pulled
Chris Krebs has resigned from SentinelOne after security clearance withdrawn and an order to review CISAβs conduct under his leadership. The post Krebs Exits SentinelOne After Security Clearance Pulled appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:Multiple Groups Exploit NTLM Flaw in Microsoft Windows
The attacks have been going on since shortly after Microsoft patched the vulnerability in March.
Published on: April 16, 2025 | Source: