Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
WhatsApp Vulnerability Could Facilitate Remote Code Execution
An update for the WhatsApp desktop app for Windows patches CVE-2025-30401, a spoofing vulnerability that could be used to trick users. The post WhatsApp Vulnerability Could Facilitate Remote Code Execution appeared first on SecurityWeek.
Published on: April 08, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Arguing Against CALEA
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in todayβs threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This...
Published on: April 08, 2025 | Source:Agentic AI in the SOC - Dawn of Autonomous Alert Triage
Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term βAIβ often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many
Published on: April 08, 2025 | Source:UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine's eastern border, the agency said. The attacks involve distributing phishing emails
Published on: April 08, 2025 | Source:1 billion reasons to protect your identity online
Corporate data breaches are a gateway to identity fraud, but theyβre not the only one. Hereβs a lowdown on how your personal data could be stolen β and how to make sure it isnβt.
Published on: April 08, 2025 | Source:CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has
Published on: April 08, 2025 | Source:Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure CVE-2024-53197 (CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of Kernel
Published on: April 08, 2025 | Source:Google hopes its experimental AI model can unearth new security use cases
SecGemini is free, but its access will initially be limited to a select group of organizations that will test the model in their own cybersecurity work. The post Google hopes its experimental AI model can unearth new security use cases appeared first on CyberScoop.
Published on: April 08, 2025 | Source:Experts Optimistic About Secure by Design Progress
Secure by Design is an important step to reduce the number of vulnerabilities present originally, but is it progressing fast enough? According to security experts Chris Wysopal and Jason Healey, the landscape is improving.
Published on: April 07, 2025 | Source:Palo Alto Networks Begins Unified Security Rollout
Cortex Cloud integrates Prisma Cloud with CDR to provide a consolidated security posture management and real-time threat detection and remediation platform.
Published on: April 07, 2025 | Source:Google addresses 2 actively exploited vulnerabilities in security update
Serbian security services exploited one of the actively exploited vulnerabilities to break into the phone of a youth activist in Serbia, according to Amnesty International. The post Google addresses 2 actively exploited vulnerabilities in security update appeared first on CyberScoop.
Published on: April 07, 2025 | Source:ToddyCat APT Targets ESET Bug to Load Silent Malware
Researchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems.
Published on: April 07, 2025 | Source:Voluntary βPall Mall Processβ seeks to curb spyware abuses
The 21 signatories support a number of steps, such as banning vendors who behave illegally, in a document agreed to last week in Paris. The post Voluntary βPall Mall Processβ seeks to curb spyware abuses appeared first on CyberScoop.
Published on: April 07, 2025 | Source:PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry
As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity. The post PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry appeared first on SecurityWeek.
Published on: April 07, 2025 | Source:NIST to Implement 'Deferred' Status to Dated Vulnerabilities
The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database.
Published on: April 07, 2025 | Source:Scattered Spider's 'King Bob' Pleads Guilty to Cyber Charges
The 20-year-old was arrested in January 2024 alongside four other group members who carried out related cybercriminal acts, earning them similar charges.
Published on: April 07, 2025 | Source:Google Pushing βSec-Geminiβ AI Model for Threat-Intel Workflows
Experimental Sec-Gemini v1 touts a combination of Googleβs Gemini LLM capabilities with real-time security data and tooling from Mandiant. The post Google Pushing βSec-Geminiβ AI Model for Threat-Intel Workflows appeared first on SecurityWeek.
Published on: April 07, 2025 | Source:Autonomous, GenAI-Driven Attacker Platform Enters the Chat
"Xanthorox AI" provides a modular GenAI platform for offensive cyberattacks, which supplies a model-agnostic, one-stop shop for developing a range of cybercriminal operations.
Published on: April 07, 2025 | Source:Intergenerational Mentoring: Key to Cybersecurity's AI Future
As threats evolve and technology changes, our ability to work together across generations will determine our success.
Published on: April 07, 2025 | Source:CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. "'Fast flux' is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain Name System (DNS)
Published on: April 07, 2025 | Source:CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign
βPoisonSeedβ phishing campaign targets CRM and bulk email providers to distribute βcrypto seed phraseβ messages. The post CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign appeared first on SecurityWeek.
Published on: April 07, 2025 | Source:β‘ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Surge and More
Today, every unpatched system, leaked password, and overlooked plugin is a doorway for attackers. Supply chains stretch deep into the code we trust, and malware hides not just in shady apps β but in job offers, hardware, and cloud services we rely on every day. Hackers donβt need sophisticated exploits anymore. Sometimes, your credentials and a little social engineering are enough. This week,
Published on: April 07, 2025 | Source:DIRNSA Fired
In βSecrets and Liesβ (2000), I wrote: It is poor civic hygiene to install technologies that could someday facilitate a police state. Itβs something a bunch of us were saying at the time, in reference to the vast NSAβs surveillance capabilities. I have been thinking of that quote a lot as I read news stories of President Trump firing the Director of the National Security Agency. General Timothy Haugh. A couple of weeks...
Published on: April 07, 2025 | Source:NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog
NIST has marked pre-2018 CVEs in NVD as βDeferredβ and will no longer spend resources on enriching them. The post NIST Puts Pre-2018 CVEs on Back Burner as It Works to Clear Backlog appeared first on SecurityWeek.
Published on: April 07, 2025 | Source:Security Theater: Vanity Metrics Keep You Busy - and Exposed
After more than 25 years of mitigating risks, ensuring compliance, and building robust security programs for Fortune 500 companies, Iβve learned that looking busy isnβt the same as being secure. Itβs an easy trap for busy cybersecurity leaders to fall into. We rely on metrics that tell a story of the tremendous efforts weβre expending - how many vulnerabilities we patched, how fast we
Published on: April 07, 2025 | Source:Suspected Scattered Spider Hacker Pleads Guilty
A 20-year-old arrested last year and charged alongside others believed to be members of Scattered Spider has pleaded guilty. The post Suspected Scattered Spider Hacker Pleads Guilty appeared first on SecurityWeek.
Published on: April 07, 2025 | Source:PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims' digital wallets. "Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack," Silent Push said in an
Published on: April 07, 2025 | Source:Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked the up-and-coming
Published on: April 05, 2025 | Source:North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation
Published on: April 05, 2025 | Source:Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information and test stolen credit card data. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered
Published on: April 05, 2025 | Source:Friday Squid Blogging: Two-Man Giant Squid
The Brooklyn indie art-punk group, Two-Man Giant Squid, just released a new album. As usual, you can also use this squid post to talk about the security stories in the news that I havenβt covered.
Published on: April 04, 2025 | Source:Gmail for Sensitive Comms: What's the Risk?
Is the new end-to-end Google Workspace Gmail encryption secure enough for an enterprise's most sensitive and prized data? Our experts weigh in.
Published on: April 04, 2025 | Source:Gmail Is Not a Secure Way to Send Sensitive Comms: A Friendly Reminder
New end-to-end Gmail encryption alone isn't secure enough for an enterprise's most sensitive and prized data, experts say.
Published on: April 04, 2025 | Source:RSAC Unveils Keynote Speaker Slate for RSAC (TM) 2025 Conference
Published on: April 04, 2025 | Source:
CISA Warns: Old DNS Trick 'Fast Flux' Is Still Thriving
An old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025?
Published on: April 04, 2025 | Source: