Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXNew Campaigns Distribute Malware via Open Source Hacking Tools
Trend Micro and ReversingLabs uncovered over 100 GitHub accounts distributing malware embedded in open source hacking tools. The post New Campaigns Distribute Malware via Open Source Hacking Tools appeared first on SecurityWeek.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with macOS Backdoor Malware
The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received a
Secure Vibe Coding: The Complete New Guide
DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect test performance. A detailed analysis of secure vibe coding practices is available here. TL;DR: Secure
Self-Driving Car Video Footage
Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and under what rules that video is used and reused will be a continuing source of debate.
Chain IQ, UBS Data Stolen in Ransomware Attack
A ransomware group has claimed the theft of millions of files from procurement service provider Chain IQ and 19 other companies. The post Chain IQ, UBS Data Stolen in Ransomware Attack appeared first on SecurityWeek.
Encryption Backdoors: The Security Practitioners’ View
After decades of failed attempts to access encrypted communications, governments are shifting from persuasion to coercion—security experts say the risks are too high. The post Encryption Backdoors: The Security Practitioners’ View appeared first on SecurityWeek.
Krispy Kreme Confirms Data Breach After Ransomware Attack
Krispy Kreme is sending notifications to thousands of people impacted by the data breach that came to light at the end of 2024. The post Krispy Kreme Confirms Data Breach After Ransomware Attack appeared first on SecurityWeek.
Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
Most cyberattacks today don’t start with loud alarms or broken firewalls. They start quietly—inside tools and websites your business already trusts. It’s called “Living Off Trusted Sites” (LOTS)—and it’s the new favorite strategy of modern attackers. Instead of breaking in, they blend in. Hackers are using well-known platforms like Google, Microsoft, Dropbox, and Slack as launchpads. They hide
Choosing a Clear Direction in the Face of Growing Cybersecurity Demands
In a rapidly changing AI environment, CISOs are worried about investing in the wrong solution or simply not investing because they can’t decide what the best option is. The post Choosing a Clear Direction in the Face of Growing Cybersecurity Demands appeared first on SecurityWeek.
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims' emails. Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen Lab, stating the activity
Swedish Truck Giant Scania Investigating Hack
A hacker is selling allegedly valuable data stolen from Scania, but the truck maker believes impact is very limited. The post Swedish Truck Giant Scania Investigating Hack appeared first on SecurityWeek.
Meta Adds Passkey Login Support to Facebook for Android and iOS Users
Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook. "Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post. Support for passkeys is expected to be available "soon" on Android and iOS mobile devices. The feature is
Iran-Israel War Triggers a Maelstrom in Cyberspace
As Iran closes its cyberspace to the outside world, hacktivists are picking sides, while attacks against Israel surge and spread across the region.
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions. The vulnerabilities, discovered by Qualys, are listed below - CVE-2025-6018 - LPE from unprivileged to allow_active in SUSE 15's Pluggable Authentication Modules (PAM) CVE-2025-6019 - LPE from allow_active to root in
OpenAI Awarded $200M Contract to Work With DoD
OpenAI intends to help streamline the Defense Department's administrative processes using artificial intelligence.
The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped
Many cybersecurity professionals still don't feel comfortable admitting when they need a break. Yet their pressures continue to expand and involve, often leading to burnout and organizational risks.
GodFather Banking Trojan Debuts Virtualization Tactic
The Android malware is targeting Turkish financial institutions, completely taking over legitimate banking and crypto apps by creating an isolated virtualized environment on a device.
Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse
Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords. The post Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse appeared first on SecurityWeek.
Russian Hackers Bypass Gmail MFA with App Specific Password Ruse
Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords. The post Russian Hackers Bypass Gmail MFA with App Specific Password Ruse appeared first on SecurityWeek.
Iran’s financial sector takes another hit as largest crypto exchange is targeted
A $90 million crypto theft from Nobitex marks the second cyberattack on Iran’s financial systems in as many days. Predatory Sparrow claimed responsibility for both attacks. The post Iran’s financial sector takes another hit as largest crypto exchange is targeted appeared first on CyberScoop.
Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection
Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects. The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek.
Unusually patient suspected Russian hackers pose as State Department in ‘sophisticated’ attacks on researchers
They weren’t in any hurry, according to Citizen Lab, and used an interesting attack vector. Google Threat Intelligence Group also provided details on the attacks. The post Unusually patient suspected Russian hackers pose as State Department in ‘sophisticated’ attacks on researchers appeared first on CyberScoop.
New Tool Traps Jitters to Detect Beacons
Concerned by rapidly evolving evasion tactics, the new Jitter-Trap tool from Varonis aims to help organizations detect beacons that help attackers establish communication inside a victim network.
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix. It leverages "the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated
Ghostwriting Scam
The variations seem to be endless. Here’s a fake ghostwriting scam that seems to be making boatloads of money. This is a big story about scams being run from Texas and Pakistan estimated to run into tens if not hundreds of millions of dollars, viciously defrauding Americans with false hopes of publishing bestseller books (a scam you’d not think many people would fall for but is surprisingly huge). In January, three...
1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub
A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called Stargazers Ghost Network. "The campaigns resulted in a multi-stage attack chain targeting Minecraft users specifically," Check Point researchers Jaromír Hořejší and Antonis Terefos said in a report shared with The Hacker News. "The malware was
How CISOs Can Govern AI & Meet Evolving Regulations
Security teams are no longer just the last line of defense — they are the foundation for responsible AI adoption.
Serpentine#Cloud Uses Cloudflare Tunnels in Sneak Attacks
An unidentified threat actor is using .lnk Windows shortcut files in a series of sophisticated attacks utilizing in-memory code execution and living-off-the-land cyberattack strategies.
Linux Security: New Flaws Allow Root Access, CISA Warns of Old Bug Exploitation
Qualys has disclosed two Linux vulnerabilities that can be chained for full root access, and CISA added a flaw to its KEV catalog. The post Linux Security: New Flaws Allow Root Access, CISA Warns of Old Bug Exploitation appeared first on SecurityWeek.
FedRAMP at Startup Speed: Lessons Learned
For organizations eyeing the federal market, FedRAMP can feel like a gated fortress. With strict compliance requirements and a notoriously long runway, many companies assume the path to authorization is reserved for the well-resourced enterprise. But that’s changing. In this post, we break down how fast-moving startups can realistically achieve FedRAMP Moderate authorization without derailing
Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security
Adopting a layered defense strategy that includes human-centric tools and updating security components. The post Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security appeared first on SecurityWeek.
OpenAI to Help DoD With Cyber Defense Under New $200 Million Contract
OpenAI has been awarded a $200 million contract for AI capabilities to help the Defense Department address national security challenges. The post OpenAI to Help DoD With Cyber Defense Under New $200 Million Contract appeared first on SecurityWeek.
Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign
Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware. "The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems," Trend Micro researchers Jovit Samaniego, Aira Marcelo, Mohamed
Chrome 137 Update Patches High-Severity Vulnerabilities
Google has released a Chrome 137 update to resolve two memory bugs in the browser’s V8 and Profiler components. The post Chrome 137 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products
Veeam and BeyondTrust have resolved several vulnerabilities that could be exploited for remote code execution. The post Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products appeared first on SecurityWeek.