Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks
The allegations, supported by the foreign ministry, are more specific and aggressive than usual and say the U.S. sought to disrupt the Asian Winter Games. The post Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks appeared first on CyberScoop.
Published on: April 15, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Insurance Firm Lemonade Says API Glitch Exposed Some Driverβs License Numbers
Lemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted. The post Insurance Firm Lemonade Says API Glitch Exposed Some Driverβs License Numbers appeared first on SecurityWeek.
Published on: April 15, 2025 | Source:Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats
Russia-backed APT29's latest campaign once again uses malicious invites to wine-tasting events as its lure, but this time targets a different set of vintages β errr, victims β and delivers a novel backdoor, GrapeLoader.
Published on: April 15, 2025 | Source:Slopsquatting
As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those namesβlaced with malware, of course. EDITED TO ADD (1/22): Research paper. Slashdot thread.
Published on: April 15, 2025 | Source:Chinese espionage group leans on open-source tools to mask intrusions
Sysdig researchers say UNC5174βs use of open-source tools like VShell and WebSockets has likely helped the group mask its presence in other campaigns. The post Chinese espionage group leans on open-source tools to mask intrusions appeared first on CyberScoop.
Published on: April 15, 2025 | Source:Kidney Dialysis Services Provider DaVita Hit by Ransomware
DaVita has not named the ransomware group behind the incident or share details on the attackerβs ransom demands. The post Kidney Dialysis Services Provider DaVita Hit by Ransomware appeared first on SecurityWeek.
Published on: April 15, 2025 | Source:Conduent Says Names, Social Security Numbers Stolen in Cyberattack
The business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack. The post Conduent Says Names, Social Security Numbers Stolen in Cyberattack appeared first on SecurityWeek.
Published on: April 15, 2025 | Source:2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
In fresh filings, Landmark Admin and Young Consulting say data breaches back in 2024 impacted more people than initially estimated. The post 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches appeared first on SecurityWeek.
Published on: April 15, 2025 | Source:Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in with the pool of
Published on: April 15, 2025 | Source:China-Backed Threat Actor 'UNC5174' Using Open Source Tools in Stealthy Attacks
Sysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar.
Published on: April 15, 2025 | Source:Are We Prioritizing the Wrong Security Metrics?
True security isn't about meeting deadlines β it's about mitigating risk in a way that aligns with business objectives while protecting against real-world threats.
Published on: April 15, 2025 | Source:Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.
Published on: April 15, 2025 | Source:Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds
Everybody knows browser extensions are embedded into nearly every userβs daily workflow, from spell checkers to GenAI tools. What most IT and security people donβt know is that browser extensionsβ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the first and only report to merge
Published on: April 15, 2025 | Source:Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading),
Published on: April 15, 2025 | Source:Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
Partisia, Squareroot8, and NuSpace join forces in a global partnership to advance quantum-safe communications. The post Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats appeared first on SecurityWeek.
Published on: April 15, 2025 | Source:NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
The funding round brings the total amount raised by the NetRise to roughly $25 million. The post NetRise Raises $10 Million to Grow Software Supply Chain Security Platform appeared first on SecurityWeek.
Published on: April 15, 2025 | Source:Hertz Discloses Data Breach Linked to Cleo Hack
Customers of the Hertz, Thrifty, and Dollar brands had their personal information stolen as a result of the Cleo hack last year. The post Hertz Discloses Data Breach Linked to Cleo Hack appeared first on SecurityWeek.
Published on: April 15, 2025 | Source:Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,
Published on: April 15, 2025 | Source:Gladinetβs Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks
Published on: April 15, 2025 | Source:Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval
Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better
Published on: April 15, 2025 | Source:Trump Revenge Tour Targets Cyber Leaders, Elections
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs's employer SentinelOne, comes as CISA is facing huge funding and staffing cuts.
Published on: April 15, 2025 | Source:AI Code Tools Widely Hallucinate Packages
The hallucination problem is not just pervasive, it is persistent as well, according to new research.
Published on: April 14, 2025 | Source:Threat Intel Firm Offers Crypto in Exchange for Dark Web Accounts
Prodaft is currently buying accounts from five Dark Web forums and offers to pay extra for administrator or moderator accounts. The idea is to infiltrate forums to boost its threat intelligence.
Published on: April 14, 2025 | Source:Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities
The flaw, tagged as CVE-2025-30406, was added to CISAβs Known Exploited Vulnerabilities (KEV) catalog in early April. The post Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities appeared first on SecurityWeek.
Published on: April 14, 2025 | Source:Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution
A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.
Published on: April 14, 2025 | Source:Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed
Trend Micro researchers flagging problems with Nvidiaβs patch for a critical, code execution vulnerability in the Nvidia Container Toolkit. The post Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed appeared first on SecurityWeek.
Published on: April 14, 2025 | Source:Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage
Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here's how experts say you can get eyes on it all.
Published on: April 14, 2025 | Source:ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The
Published on: April 14, 2025 | Source:A New 'It RAT': Stealthy 'Resolver' Malware Burrows In
A new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it's downright difficult to count them all.
Published on: April 14, 2025 | Source:7 RSAC 2025 Cloud Security Sessions You Don't Want to Miss
Some of the brightest minds in the industry will discuss how to strengthen cloud security.
Published on: April 14, 2025 | Source:Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit
A threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet firewalls. The post Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit appeared first on SecurityWeek.
Published on: April 14, 2025 | Source:New βResolverRATβ Targeting Healthcare, Pharmaceutical Organizations
Organizations in the healthcare and pharmaceutical sectors have been targeted with ResolverRAT, a new malware family with advanced capabilities. The post New βResolverRATβ Targeting Healthcare, Pharmaceutical Organizations appeared first on SecurityWeek.
Published on: April 14, 2025 | Source:Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens. "This tactic not
Published on: April 14, 2025 | Source:AI Hallucinations Create a New Software Supply Chain Threat
Researchers uncover new software supply chain threat from LLM-generated package hallucinations. The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek.
Published on: April 14, 2025 | Source:How DigitalOcean Moved Away From Manual Identity Management
DigitalOcean executives describe how they automated and streamlined many of the identity and access management functions that had been previously handled manually.
Published on: April 14, 2025 | Source: