Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud providerβs storage security controls and default settings. βIn just the past few months, I have witnessed two different methods for
Published on: March 17, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all
Published on: March 17, 2025 | Source:Popular GitHub Action Targeted in Supply Chain Attack
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
Published on: March 17, 2025 | Source:AI's biggest surprises of 2024 | Unlocked 403 cybersecurity podcast (S2E1)
Here's what's been hot on the AI scene over the past 12 months, how it's changing the face of warfare, and how you can fight AI-powered scams
Published on: March 17, 2025 | Source:Intelβs Secure Data Tunnel Moves AI Training Models to Data Sources
The chip maker's Tiber Secure Federated AI service creates a secure tunnel between AI models on remote servers and data sources on origin systems.
Published on: March 16, 2025 | Source:Intel's Secure Data Tunnel Moves AI Training Models to Data Sources
The chipmaker's Tiber Secure Federated AI service creates a secure tunnel between AI models on remote servers and data sources on origin systems.
Published on: March 16, 2025 | Source:Malicious PyPI Packages Stole Cloud TokensβOver 14,100 Downloads Before Removal
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages
Published on: March 15, 2025 | Source:ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.
Published on: March 14, 2025 | Source:Friday Squid Blogging: SQUID Band
A bagpipe and drum band: SQUID transforms traditional Bagpipe and Drum Band entertainment into a multi-sensory rush of excitement, featuring high energy bagpipes, pop music influences and visually stunning percussion! As usual, you can also use this squid post to talk about the security stories in the news that I havenβt covered.
Published on: March 14, 2025 | Source:Threat Actor Impersonates Booking.com in Phishing Scheme
Microsoft detailed a sophisticated campaign that relies on a social engineering technique, "ClickFix," in which a phisher uses security verification like captcha to give the target a false sense of safety.
Published on: March 14, 2025 | Source:Man-in-the-Middle Vulns Threaten Car Security
A pair of researchers plan on digging into the effectiveness of vehicle cybersecurity at the upcoming Black Hat Asia conference in Singapore.
Published on: March 14, 2025 | Source:Man-in-the-Middle Vulns Provide New Research Opportunities for Car Security
A pair of researchers plan on detailing effective tools to dig into the effectiveness of vehicle cybersecurity without breaking the bank.
Published on: March 14, 2025 | Source:Ransomware Developer Extradited, Admits Working for LockBit
Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.
Published on: March 14, 2025 | Source:Californiaβs legal push on geolocation data collection must take aim at the right targets, privacy experts say
An investigation by Californiaβs attorney general into use of location data could rein in the worst abusers, but should also be able to determine legitimate business use. The post Californiaβs legal push on geolocation data collection must take aim at the right targets, privacy experts say appeared first on CyberScoop.
Published on: March 14, 2025 | Source:Threat Actor Tied to LockBit Ransomware Targets Fortinet Users
The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.
Published on: March 14, 2025 | Source:Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panevwas previously arrested in Israel in August 2024. He is said to have been working as a developer for the ransomware gang from 2019
Published on: March 14, 2025 | Source:Water utilities would get cybersecurity boost under bipartisan Senate bill
The Cybersecurity for Rural Water Systems Act would expand USDAβs Circuit Rider Program. The post Water utilities would get cybersecurity boost under bipartisan Senate bill appeared first on CyberScoop.
Published on: March 14, 2025 | Source:CISA Cuts $10M in ISAC Funding & 100s of Employees
President Trump has long complained about perceived threats to election security. Now his DHS has kneecapped the agencies designed to support it. Experts are worried about what comes next.
Published on: March 14, 2025 | Source:GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging
The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol
Published on: March 14, 2025 | Source:Biggest Cyber Threats to the Healthcare Industry Today
Healthcare organizations must enhance their cybersecurity arsenal. Doing so can help them prevent financial, compliance, and reputational damage.
Published on: March 14, 2025 | Source:Remote Access Infra Remains Riskiest Corp. Attack Surface
Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance.
Published on: March 14, 2025 | Source:In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker
Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips donβt contain a backdoor, MassJacker cryptojacking malware. The post In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker appeared first on SecurityWeek.
Published on: March 14, 2025 | Source:ClickFix Widely Adopted by Cybercriminals, APT Groups
The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment. The post ClickFix Widely Adopted by Cybercriminals, APT Groups appeared first on SecurityWeek.
Published on: March 14, 2025 | Source:LockBit Ransomware Developer Extradited to US
Russian-Israeli LockBit ransomware developer Rostislav Panev has been extradited from Israel to the United States. The post LockBit Ransomware Developer Extradited to US appeared first on SecurityWeek.
Published on: March 14, 2025 | Source:New AI Security Tool Helps Organizations Set Trust Zones for Gen-AI Models
Measure the different level of risk inherent to all gen-AI foundational models and use that to fine-tune the operation of in-house AI deployments. The post New AI Security Tool Helps Organizations Set Trust Zones for Gen-AI Models appeared first on SecurityWeek.
Published on: March 14, 2025 | Source:RSA Conference Playbook: Smart Strategies from Seasoned Attendees
Your guide on how to get through the conference with your sanity, energy, and key performance indicators (KPIs) intact. The post RSA Conference Playbook: Smart Strategies from Seasoned Attendees appeared first on SecurityWeek.
Published on: March 14, 2025 | Source:New CCA Jailbreak Method Works Against Most AI Models
Two Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems. The post New CCA Jailbreak Method Works Against Most AI Models appeared first on SecurityWeek.
Published on: March 14, 2025 | Source:Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom
Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfoldβfrom the initial breach to the moment hackers demand payment. Join Joseph Carson, Delineaβs Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how
Published on: March 14, 2025 | Source:TP-Link Router Botnet
There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The...
Published on: March 14, 2025 | Source:Why Most Microsegmentation Projects FailβAnd How Andelyn Biosciences Got It Right
Most microsegmentation projects fail before they even get off the groundβtoo complex, too slow, too disruptive. But Andelyn Biosciences proved it doesnβt have to be that way. Microsegmentation: The Missing Piece in Zero Trust Security Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no
Published on: March 14, 2025 | Source:When IT meets OT: Cybersecurity for the physical world
While relatively rare, real-world incidents impacting operational technology highlight that organizations in critical infrastructure canβt afford to dismiss the OT threat
Published on: March 14, 2025 | Source:New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that's designed to monitor a victim's clipboard content and facilitate cryptocurrency theft by substituting copied cryptocurrency wallet addresses
Published on: March 14, 2025 | Source:OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It's currently not known who is behind the campaign. The rootkit "has the ability to cloak or mask any file, registry key or task
Published on: March 14, 2025 | Source:OBSCURE#BAT Malware Highlights Risks of API Hooking
Researchers discovered an attack chain that uses several layers of obfuscated batch files and PowerShell scripts to deliver an advanced and persistent rootkit.
Published on: March 13, 2025 | Source:FBI, CISA Raise Alarms As Medusa Ransomware Attacks Grow
Medusa developers have been targeting a wide variety of critical infrastructure sectors, from healthcare and technology to manufacturing and insurance, racking up its victim count as it seemingly adds to its numbers of affiliates.
Published on: March 13, 2025 | Source: