Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXData Breach at Healthcare Services Firm Episource Impacts 5.4 Million People
Hackers have stolen personal and health information belonging to the customers of healthcare organizations served by Episource. The post Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People appeared first on SecurityWeek.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership bug in the Linux kernel that could be exploited to escalate privileges on susceptible
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents
A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover up the malicious activity. Asif William Rahman, 34, of Vienna, has been sentenced today to 37 months on charges of
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," the
Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict
Iran has throttled internet access in the country in a purported attempt to hamper Israel's ability to conduct covert cyber operations, days after the latter launched an unprecedented attack on the country, escalating geopolitical tensions in the region. Fatemeh Mohajerani, the spokesperson of the Iranian Government, and the Iranian Cyber Police, FATA, said the internet slowdown was designed to
Indian Car-Sharing Firm Zoomcar Latest to Suffer Breach
The company acknowledged that cybercriminals had taken sensitive information on more than 8 million users, including names, phone numbers, car registration numbers, addresses, and emails.
Researchers say AI hacking tools sold online were powered by Grok, Mixtral
A pair of AI tools advertised on hacking forums were developed using commercial AI models from xAI and Mistral, according to Cato Networks. The post Researchers say AI hacking tools sold online were powered by Grok, Mixtral appeared first on CyberScoop.
Iranβs Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group
The attack introduces a clear cyber element with immediate consequences for the countryβs critical infrastructure amid a growing conflict between Israel and Iran. The post Iranβs Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group appeared first on CyberScoop.
'HoldingHands' Acts Like a Pickpocket With Taiwan Orgs
Since at least January, the threat actor has been employing multiple malware tools to steal information for potential future attacks against Taiwanese businesses and government agencies.
New ClickFix Malware Variant βLightPerlGirlβ Targets Users in Stealthy Hack
Researchers identify a previously unknown ClickFix variant exploiting PowerShell and clipboard hijacking to deliver the Lumma infostealer via a compromised travel site. The post New ClickFix Malware Variant βLightPerlGirlβ Targets Users in Stealthy Hack appeared first on SecurityWeek.
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3). Google addressed the flaw later that month after Kaspersky reported in-the-wild
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security. LangSmith is an observability and evaluation platform that allows users to
Cyber experts call for supercharging volunteer network to protect community organizations
To defend βtarget rich, resource poorβ critical infrastructure from cyberattacks, the U.S. must expand its patchwork volunteer system, a new report concludes. The post Cyber experts call for supercharging volunteer network to protect community organizations appeared first on CyberScoop.
Private 5G: New Possibilities β and Potential Pitfalls
While ushering in "great operational value" for organizations, private 5G networks add yet another layer to CISOs' responsibilities.
Operation Endgame: Do Takedowns and Arrests Matter?
Cybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals.
The Cyber Future Is Riskier Than You Think
Sound suggestions on how to tackle four "quiet problems" that often slip through the security cracks.
Hackers Exploit Critical Langflow Flaw to Unleash Flodrix Botnet
A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
Cybersecurity researchers are warning of a new phishing campaign that's targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. The activity is part of a broader campaign that delivered the Winos 4.0 malware framework earlier this January by sending phishing messages impersonating Taiwan's National Taxation Bureau, Fortinet FortiGuard Labs said in a report
WestJet Airlines App, Website Suffer After Cyber Incident
Though its operations are running smoothly, the airline warned customers and employees to exercise caution when sharing personal information online.
Federal cyber insurance backstop should be tied to expiring terrorism insurance law, report recommends
Congress should use renewal of an expiring terrorism insurance program to create a federal backstop for cybersecurity insurance, according to a report out Tuesday that tries to thread many difficult needles to bolster an industry that its author says isnβt developing fast enough. In an ideal world, cybersecurity insurance can be a valuable tool to [β¦] The post Federal cyber insurance backstop should be tied to expiring...
Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms
The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance companies, according to Google Threat Intelligence Group (GTIG). "Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarks of Scattered Spider activity," John Hultquist, chief analyst
US Insurance Industry Warned of Scattered Spider Attacks
Google is warning insurance companies that Scattered Spider appears to have shifted its focus from the retail sector. The post US Insurance Industry Warned of Scattered Spider Attacks appeared first on SecurityWeek.
Circumvent Raises $6 Million for Cloud Security Platform
Cloud security startup Circumvent has raised $6 million to develop a network of agents for autonomous prioritization and remediation. The post Circumvent Raises $6 Million for Cloud Security Platform appeared first on SecurityWeek.
Are Forgotten AD Service Accounts Leaving You at Risk?
For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords. Itβs no surprise
Where AI Provides Value
If youβve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then youβre safe for another day. But the fact remains that AI already has definite advantages over even the most skilled humans, and knowing where these advantages ariseβand where they...
Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments
Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports. The list of vulnerabilities is as follows -
Backups Are Under Attack: How to Protect Your Backups
Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Todayβs ransomware attacks initially target your last line of defense β your backup infrastructure. Before locking up your production environment, cybercriminals go after your backups to cripple your ability to recover, increasing the odds of a ransom payout.
Asus Armoury Crate Vulnerability Leads to Full System Compromise
A high-severity authorization bypass vulnerability in Asus Armoury Crate provides attackers with low-level system privileges. The post Asus Armoury Crate Vulnerability Leads to Full System Compromise appeared first on SecurityWeek.
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware," Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind." The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are "rolling out gradually," per the company. The social
Malicious Chimera Turns Larcenous on Python Package Index
Unlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks.
Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry
Multiple U.S.-based companies in the insurance sector have already been hit over the past week and a half, according to Mandiant. The post Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry appeared first on CyberScoop.
How to Break the Security Theater Illusion
When security becomes a performance, the fallout isn't just technical. It's organizational.
Anubis Ransomware-as-a-Service Kit Adds Data Wiper
The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said.