Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXCritical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption
Trend Micro patches critical-severity Apex Central and Endpoint Encryption PolicyServer flaws leading to remote code execution. The post Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption appeared first on SecurityWeek.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
ZeroRISC Raises $10 Million for Open Source Silicon Security Solutions
ZeroRISC has raised $10 million in seed funding for production-grade open source silicon security, built on OpenTitan designs. The post ZeroRISC Raises $10 Million for Open Source Silicon Security Solutions appeared first on SecurityWeek.
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1,
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than...
Researchers Detail Zero-Click Copilot Exploit 'EchoLeak'
Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.
New COPPA Rules to Take Effect Over Child Data Privacy Concerns
New regulations and compliance standards for the Children's Online Privacy Protection Act reflect how much technology has grown since the Federal Trade Commission last updated it in 2013.
Hacking the Hackers: When Bad Guys Let Their Guard Down
A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers and defenders.
Predator spyware activity surfaces in new places with new tricks
The spywareβs developer, Intellexa, has been under pressure due to sanctions and public disclosure, but Recorded Future uncovered fresh activity. The post Predator spyware activity surfaces in new places with new tricks appeared first on CyberScoop.
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute malicious content. "VexTrio is a group of malicious adtech companies that distribute scams and harmful software via
Airlines Secretly Selling Passenger Data to the Government
This is news: A data broker owned by the countryβs major airlines, including Delta, American Airlines, and United, collected U.S. travellersβ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight...
Paragon βGraphiteβ Spyware Linked to Zero-Click Hacks on Newest iPhones
Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims. The post Paragon βGraphiteβ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on SecurityWeek.
The AI Arms Race: Deepfake Generation vs. Detection
AI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up. The post The AI Arms Race: Deepfake Generation vs. Detection appeared first on SecurityWeek.
Foundations of Cybersecurity: Reassessing What Matters
To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands.
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change. "The TokenBreak attack targets a text classification model's tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented
Paragon spyware found on the phones of Euro journos
Theyβre the first confirmed cases of Paragon spyware on Apple products, according to Citizen Lab. The post Paragon spyware found on the phones of Euro journos appeared first on CyberScoop.
AI Agents Run on Secret Accounts β Learn How to Secure Them in This Webinar
AI is changing everything β from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break β if youβre not paying attention. Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities β API keys, service accounts, OAuth tokens β silently operating in the background. And hereβs
Hirundo Raises $8 Million to Eliminate AIβs Bad Behavior
Hirundo tackles AI hallucinations and bias by making trained models βforgetβ poisoned, malicious, and confidential data. The post Hirundo Raises $8 Million to Eliminate AIβs Bad Behavior appeared first on SecurityWeek.
New βSmartAttackβ Steals Air-Gapped Data Using Smartwatches
The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data. The post New βSmartAttackβ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek.
Webcast Video: Rethinking Endpoint Hardening for Todayβs Attack Landscape
Learn how attackers hide in plain sightβand what you can do to stop them without slowing down your business. The post Webcast Video: Rethinking Endpoint Hardening for Todayβs Attack Landscape appeared first on SecurityWeek.
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 (M365) Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been
βEchoLeakβ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot
Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot. The post βEchoLeakβ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot appeared first on SecurityWeek.
The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce
Itβs time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy. The post The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce appeared first on SecurityWeek.
Non-Human Identities: How to Address the Expanding Security Risk
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardianβs end-to-end NHI security platform is here to close the gap. Enterprises are Losing Track of Their Machine Identities Machine identitiesβservice
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns. The company said it's doing so "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts. The activity, codenamed UNK_SneakyStrike by Proofpoint, has targeted over 80,000 user accounts across hundreds of organizations' cloud tenants since a surge in
Digital rights groups sound alarm on Stop CSAM ActΒ
The organizations say a reintroduced version of the bill would βbreakβ encryption for most Americans and make it impossible for end-to-end encrypted service providers to avoid lawsuits. The post Digital rights groups sound alarm on Stop CSAM Act appeared first on CyberScoop.
Infostealer Ring Bust-up Takes Down 20,000 Malicious IPs
Interpol's Operation Secure arrested more than 30 suspects across Vietnam, Sri Lanka, and Nauru, and seized 117 command-and-control servers allegedly used to run widespread phishing, business email compromise, and other cyber scams.
ConnectWise to Rotate Code-Signing Certificates
The move is unrelated to a recent nation-state attack the vendor endured but stems from a report by a third-party researcher.
Agentic AI Takes Over Gartner's SRM Summit
Agentic AI was everywhere at Gartner's Security & Risk Management Summit in Washington, DC, this year, as the AI security product engine chugs ahead at full speed.
Global law enforcement action in Asia nets large infrastructure seizure, 32 arrests
Operation Secure targeted malicious IPs, domains and servers used for infostealer operations that claimed more than 216,000 victims. The post Global law enforcement action in Asia nets large infrastructure seizure, 32 arrests appeared first on CyberScoop.
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. "Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads," ReliaQuest said in a report
Dems want watchdog study of two troubled federally-funded vulnerability tracking initiatives
The CVE program publishes standardized information about known cyber vulnerabilities, while the NVD is a storehouse for vulnerability management data. The post Dems want watchdog study of two troubled federally-funded vulnerability tracking initiatives appeared first on CyberScoop.
Google Bug Allowed Brute-Forcing of Any User Phone Number
The weakness in Google's password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.
Securonix Acquires Threat Intelligence Firm ThreatQuotient
The deal will combine Securonix's security information and event management (SIEM) platform with ThreatQuotient's threat detection and incident response (TDIR) offering to build an all-in-one security operations stack.
Maze Banks $25M to Tackle Cloud Security with AI Agents
Maze and its investors are betting on finding profits in software that uses AI-powered agents to automate critical parts of the process. The post Maze Banks $25M to Tackle Cloud Security with AI Agents appeared first on SecurityWeek.