Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Popular Topics
#General #Development #Mobile Development #Cloud & DevOps #Cybersecurity & Privacy #AI & Data Science #Hardware & Gadgets #Design & UXHackers Stole 300,000 Crash Reports From Texas Department of Transportation
The Texas Department of Transportation has disclosed a data breach impacting the personal information included in 300,000 crash reports. The post Hackers Stole 300,000 Crash Reports From Texas Department of Transportation appeared first on SecurityWeek.
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Swimlane Raises $45 Million for Security Automation Platform
Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation. The post Swimlane Raises $45 Million for Security Automation Platform appeared first on SecurityWeek.
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud
Security researchers uncover critical flaws and widespread misconfigurations in Salesforceβs industry-specific CRM solutions. The post Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud appeared first on SecurityWeek.
Critical Vulnerability Patched in SAP NetWeaver
SAP has fixed a critical NetWeaver vulnerability allowing attackers to bypass authorization checks and escalate their privileges. The post Critical Vulnerability Patched in SAP NetWeaver appeared first on SecurityWeek.
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs β including application secrets, API keys, service accounts, and OAuth tokens β have exploded in recent years, thanks to an
Sensitive Information Stolen in Sensata Ransomware Attack
Sensor manufacturer Sensata said a ransomware group had access to its network for more than a week and stole personal information. The post Sensitive Information Stolen in Sensata Ransomware Attack appeared first on SecurityWeek.
Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account
Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to privacy and security risks. The issue, according to Singaporean security researcher "brutecat," leverages an issue in the company's account recovery feature. That said, exploiting the vulnerability hinges on several moving parts,
Exploited Vulnerability Impacts Over 80,000 Roundcube Servers
Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released. The post Exploited Vulnerability Impacts Over 80,000 Roundcube Servers appeared first on SecurityWeek.
Vulnerabilities Exposed Phone Number of Any Google User
Google has awarded $5,000 to a researcher who found security holes that enabled brute-forcing the phone number of any user. The post Vulnerabilities Exposed Phone Number of Any Google User appeared first on SecurityWeek.
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries. "A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries," Kaspersky said. "The malicious functionality of the campaign
Whole Foods Distributor United Natural Foods Hit by Cyberattack
United Natural Foods has taken some systems offline after detecting unauthorized activity on its IT systems, causing disruptions to operations. The post Whole Foods Distributor United Natural Foods Hit by Cyberattack appeared first on SecurityWeek.
CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-32433 (CVSS score: 10.0) - A missing authentication for a critical
United Natural Foods, distributor for Whole Foods Market, hit by cyberattack
The incident follows a spree of ransomware and extortion attacks targeting multiple U.S.- and U.K.-based retailers, including grocery stores. The logistics company said its operations are impacted. The post United Natural Foods, distributor for Whole Foods Market, hit by cyberattack appeared first on CyberScoop.
New Trump Cybersecurity Order Reverses Biden, Obama Priorities
The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government's cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design.
OpenAI Bans ChatGPT Accounts Linked to Nation-State Threat Actors
The AI company's investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employment schemes, social engineering, and cyber espionage.
'Librarian Ghouls' Cyberattackers Strike at Night
Since at least December, the advanced persistent threat (APT) group has been using legit tools to steal data, dodge detection, and drop cryptominers on systems belonging to organizations in Russia.
Gartner: How Security Teams Can Turn Hype Into Opportunity
During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture.
SIEMs Missing the Mark on MITRE ATT&CK Techniques
CardinalOps' report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.
Chinese Hackers and User Lapses Turn Smartphones Into a βMobile Security Crisisβ
Foreign hackers have increasingly identified smartphones, other mobile devices and the apps they use as a weak link in U.S. cyberdefenses. The post Chinese Hackers and User Lapses Turn Smartphones Into a βMobile Security Crisisβ appeared first on SecurityWeek.
Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign
Anti-malware vendor said it spent the past twelve months deflecting a stream of network reconnaissance probes from China-nexus threat actors The post Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign appeared first on SecurityWeek.
FBI veteran Brett Leatherman to lead Cyber division
Leatherman, a 22-year FBI veteran, has been heavily involved in cyber investigations as section chief and deputy assistant director over the past three years. The post FBI veteran Brett Leatherman to lead Cyber division appeared first on CyberScoop.
Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors," SentinelOne security researchers Aleksandar
Internet infamy drives The Comβs crime sprees
Unit 221Bβs Allison Nixon said crackdowns have effectively shown the group that their actions carry real consequences. The post Internet infamy drives The Comβs crime sprees appeared first on CyberScoop.
Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks
A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks. Akamai, which first discovered the exploitation efforts in late March 2025, said the malicious campaign targets CVE-2025-24016 (CVSS score: 9.9), an unsafe deserialization vulnerability that
Guardz Banks $56M Series B for All-in-One SMB Security
The Israeli company said the Series B raise was led by ClearSky and included equity stakes for new backer Phoenix Financial. The post Guardz Banks $56M Series B for All-in-One SMB Security appeared first on SecurityWeek.
React Native Aria Packages Backdoored in Supply Chain Attack
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack. The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.
Next-Gen Developers Are a Cybersecurity Powder Keg
AI coding tools promise productivity but deliver security problems, too. As developers embrace "vibe coding," enterprises face mounting risks from insecure code generation that security teams can't keep pace with.
Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems
Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials. The post Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems appeared first on SecurityWeek.
iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals
iVerify links iPhone crashes to sophisticated zero-click attacks via iMessage targeting individuals involved in politics in the EU and US. The post iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals appeared first on SecurityWeek.
China-Backed Hackers Target SentinelOne in 'PurpleHaze' Attack Spree
Known threat groups APT15 and UNC5174 unleashed attacks against SentinelOne and more than 70 other high-value targets, as part of ongoing cyber-espionage and other malicious activity involving ShadowPad malware.
β‘ Weekly Recap: Chrome 0-Day, Data Wipers, Misused Tools and Zero-Click iPhone Attacks
Behind every security alert is a bigger story. Sometimes itβs a system being tested. Sometimes itβs trust being lost in quiet waysβthrough delays, odd behavior, or subtle gaps in control. This week, weβre looking beyond the surface to spot what really matters. Whether itβs poor design, hidden access, or silent misuse, knowing where to look can make all the difference. If you're responsible for
Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise
You donβt need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. Thatβs shadow IT. And today, itβs not just about unsanctioned apps, but also dormant accounts, unmanaged identities, over-permissioned SaaS
Unverified code is the next national security threat
Congress and federal agencies can take some simple steps to better protect open-source software. The post Unverified code is the next national security threat appeared first on CyberScoop.
New Way to Track Covertly Android Users
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to...
New Way to Covertly Track Android Users
Researchers have discovered a new way to covertly track Android users. Both Meta and Yandex were using it, but have suddenly stopped now that they have been caught. The details are interesting, and worth reading in detail: Tracking code that Meta and Russia-based Yandex embed into millions of websites is de-anonymizing visitors by abusing legitimate Internet protocols, causing Chrome and other browsers to...