Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Apple Quashes Two Zero-Days With iOS, MacOS Patches
The vulnerabilities are described as code execution and mitigation bypass issues that affect Appleβs iOS, iPadOS and macOS platforms. The post Apple Quashes Two Zero-Days With iOS, MacOS Patches appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Ransomware gang 'CrazyHunter' Targets Critical Taiwanese Orgs
Trend Micro researchers detailed an emerging ransomware campaign by a new group known as "CrazyHunter" that is targeting critical sectors in Taiwan.
Published on: April 16, 2025 | Source:NIST Updates Privacy Framework With AI and Governance Revisions
Changes aim to tighten integration with the National Institute of Standards and Technology's Cybersecurity Framework and help organizations develop a stronger posture to handle privacy risks.
Published on: April 16, 2025 | Source:Patch Now: NVDIA Flaws Expose AI Models, Critical Infrastructure
A fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads.
Published on: April 16, 2025 | Source:Patch Now: NVIDIA Flaws Expose AI Models, Critical Infrastructure
A fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads.
Published on: April 16, 2025 | Source:MITRE CVE Program Gets Last-Hour Funding Reprieve
The US government's cybersecurity agency CISA has βexecuted the option period on the contractβ to keep the vulnerability catalog operational. The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change,
Published on: April 16, 2025 | Source:New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change,
Published on: April 16, 2025 | Source:Cloud, Cryptography Flaws in Mobile Apps Leak Enterprise Data
Cloud misconfigurations and cryptography flaws plague some of the top apps used in work environments, exposing organizations to risk and intrusion.
Published on: April 16, 2025 | Source:CVE Program Almost Unfunded
Mitreβs CVEβs programβwhich provides common naming and other informational resources about cybersecurity vulnerabilitiesβwas about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a...
Published on: April 16, 2025 | Source:CISA reverses course, extends MITRE CVE contract
While the last-minute extension averts an immediate lapse in support, rival organizations are being stood up to supplant the global vulnerability system. The post CISA reverses course, extends MITRE CVE contract appeared first on CyberScoop.
Published on: April 16, 2025 | Source:Many Mobile Apps Fail Basic SecurityβPosing Serious Risks to Enterprises
Top-ranked mobile apps found using hardcoded keys and exposed cloud buckets. The post Many Mobile Apps Fail Basic SecurityβPosing Serious Risks to Enterprises appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:Active Directory Recovery Can't Be an Afterthought
Active Directory is one of the most vulnerable access points in an organization's IT environment. Companies cannot wait for a real attack to pressure-test their AD recovery strategy.
Published on: April 16, 2025 | Source:Pillar Security Banks $9M for AI Security Guardrails
Shield Capital leads a $9 million seed-stage funding round for Israeli startup building technologies for AI security and privacy guardrails. The post Pillar Security Banks $9M for AI Security Guardrails appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law
The law is due to lapse in September, something cyber experts and industry officials say would be a huge loss. The post Exclusive: Peters, Rounds tee up bill to renew expiring cyber threat information sharing law appeared first on CyberScoop.
Published on: April 16, 2025 | Source:Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024
Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages last year. It also suspended over 5 million accounts for
Published on: April 16, 2025 | Source:Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial
The Rhysida ransomware gang claims to have stolen 2.5 Tb of files from the Oregon Department of Environmental Quality. The post Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:Enhanced Version of βBPFDoorβ Linux Backdoor Seen in the Wild
In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally. The post Enhanced Version of βBPFDoorβ Linux Backdoor Seen in the Wild appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins
Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Callie Hinman Baron and Piotr Wojtyla
Published on: April 16, 2025 | Source:From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains
Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected
Published on: April 16, 2025 | Source:Critical Vulnerability Found in Apache Roller Blog Server
A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes. The post Critical Vulnerability Found in Apache Roller Blog Server appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:Microsoft Warns of Node.js Abuse for Malware Delivery
In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads. The post Microsoft Warns of Node.js Abuse for Malware Delivery appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. "The controller could open a reverse shell," Trend Micro researcher Fernando MercΓͺs said in a technical report published earlier in
Published on: April 16, 2025 | Source:Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities
Chrome 135 and Firefox 137 updates have been rolled out with patches for critical- and high-severity vulnerabilities. The post Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities appeared first on SecurityWeek.
Published on: April 16, 2025 | Source:Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense
Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and
Published on: April 16, 2025 | Source:Theyβre coming for your data: What are infostealers and how do I stay safe?
Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more β all in a quest for your sensitive data
Published on: April 16, 2025 | Source:Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to
Published on: April 16, 2025 | Source:U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert
The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard to
Published on: April 16, 2025 | Source:Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program -- which is traditionally funded each year by the Department of...
Published on: April 16, 2025 | Source:MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty
MITRE warns of a deterioration of national vulnerability databases and advisories, slowed vendor reaction and limited response operations. The post MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty appeared first on SecurityWeek.
Published on: April 15, 2025 | Source:Max Severity Bug in Apache Roller Enabled Persistent Access
The remediated flaw gave adversaries a way to maintain access to the app through password resets.
Published on: April 15, 2025 | Source:With AI's Help, Bad Bots Are Taking Over the Web
Bad bots are becoming increasingly difficult to detect as they more easily mimic human behaviors and utilize evasion techniques, researchers say.
Published on: April 15, 2025 | Source:AI-Powered Presentation Tool Leveraged in Phishing Attacks
Researchers at Abnormal Security said threat actors are using a legitimate presentation and graphic design tool named "Gamma" in phishing attacks.
Published on: April 15, 2025 | Source:Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks
San Francisco startup banks $30 million in Seed and Series A funding led by Lightspeed Venture Partners and Walden Catalyst Ventures. The post Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks appeared first on SecurityWeek.
Published on: April 15, 2025 | Source:Hertz Falls Victim to Cleo Zero-Day Attacks
Customer data such as birth dates, credit card numbers, and driver's license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file-transfer products.
Published on: April 15, 2025 | Source: