Stay Updated with the Latest Tech News


Get ahead of the curve with the latest insights, trends, and analysis in the tech world.



US must prioritize cybersecurity training for the military’s engineers

The Defense Department faces a startling capability gap.

Published on: March 13, 2025 | Source: CyberScoop

Unpatched Edimax Camera Flaw Exploited Since at Least May 2024

A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year.

Published on: March 13, 2025 | Source: SecurityWeek

FreeType Zero-Day Being Exploited in the Wild

Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.

Published on: March 13, 2025 | Source: SecurityWeek

Consumer Groups Push IoT Security Bill to Address End-of-Life Concerns

Consumer Reports, Secure Resilient Future Foundation (SRFF), and US Public Interest Research Group (PIRG) have introduced a model bill to increase transparency around when Internet of Things devices no longer have manufacturer support.

Published on: March 13, 2025 | Source: Dark Reading

Car Exploit Allows You to Spy on Drivers in Real Time

Just like with any regular computer, researchers figured out how to crack into, force restart, and upload malware to an aftermarket in-vehicle infotainment system.

Published on: March 13, 2025 | Source: Dark Reading

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Microsoft has shed light on an ongoing phishing campaign that has targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant's threat intelligence team said, started in December 2024 and operates with the end goal of conducting

Published on: March 13, 2025 | Source: The Hacker News

Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign

Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms.

Published on: March 13, 2025 | Source: SecurityWeek

Microsoft Warns of Hospitality Sector Attacks Involving ClickFix

A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering.

Published on: March 13, 2025 | Source: SecurityWeek

North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "

Published on: March 13, 2025 | Source: The Hacker News

Salt Typhoon: A Wake-up Call for Critical Infrastructure

The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape.

Published on: March 13, 2025 | Source: Dark Reading

DeepSeek’s Malware-Generation Capabilities Put to Test

Researchers have analyzed the ability of the Chinese gen-AI DeepSeek to create malware such as ransomware and keyloggers.

Published on: March 13, 2025 | Source: SecurityWeek

North Korean Hackers Distributed Android Spyware via Google Play

The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.

Published on: March 13, 2025 | Source: SecurityWeek

Medusa Ransomware Made 300 Critical Infrastructure Victims

CISA, FBI, and MS-ISAC warn of Medusa ransomware attacks targeting critical infrastructure organizations.

Published on: March 13, 2025 | Source: SecurityWeek

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allows

Published on: March 13, 2025 | Source: The Hacker News

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution

Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM.

Published on: March 13, 2025 | Source: SecurityWeek

Webinar on Demand: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks

How hyper agenda-driven threat actors, cybercriminals, and nation-states integrate digital, narrative, and physical attacks to target organizations through their executives.

Published on: March 13, 2025 | Source: SecurityWeek

Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025

As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has become

Published on: March 13, 2025 | Source: The Hacker News

OpenAI Operator Agent Used in Proof-of-Concept Phishing Attack

Researchers from Symantec showed how OpenAI's Operator agent, currently in research preview, can be used to construct a basic phishing attack from start to finish.

Published on: March 13, 2025 | Source: Dark Reading

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font

Published on: March 13, 2025 | Source: The Hacker News

WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback

Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said. "Without updating to Firefox

Published on: March 13, 2025 | Source: The Hacker News

Abu Dhabi Guidelines Offer Blueprint for Cybersecurity in Health

Following increasing attacks on healthcare organizations, the United Arab Emirates has refined its regulatory strategy for improving cybersecurity in healthcare.

Published on: March 13, 2025 | Source: Dark Reading

F5 Integrates API Security and Networking to Address AI Onslaught

The new F5 Application Delivery Controller and Security Platform combines BIG-IP, NGINX, and Distributed Cloud Services, plus new AI gateway and AI assistants.

Published on: March 12, 2025 | Source: Dark Reading

Lazarus Group deceives developers with 6 new malicious npm packages

Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday.

Published on: March 12, 2025 | Source: CyberScoop

Legislative push for child online safety runs afoul of encryption advocates (again)

The Stop CSAM Act would compel companies to curb online child sexual abuse material, but critics argue it would also weaken encrypted services for all users.

Published on: March 12, 2025 | Source: CyberScoop

China-Backed Hackers Backdoor US Carrier-Grade Juniper MX Routers

Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called "TinyShell."

Published on: March 12, 2025 | Source: Dark Reading

NIST Finalizes Differential Privacy Rules to Protect Data

The National Institute of Standards and Technology (NIST) has released updated differential privacy guidelines for organizations to follow to protect personally identifiable information when sharing data.

Published on: March 12, 2025 | Source: Dark Reading

Apple Drops Another WebKit Zero-Day Bug

A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says.

Published on: March 12, 2025 | Source: Dark Reading

Volt Typhoon Strikes Massachusetts Power Utility

The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data.

Published on: March 12, 2025 | Source: Dark Reading

Security Validation Firm Pentera Banks $60M Series D

Israeli startup in the automated security validation space secures a $60 million round led by Evolution Equity Partners.

Published on: March 12, 2025 | Source: SecurityWeek

Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers

China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers.

Published on: March 12, 2025 | Source: SecurityWeek

Webinar Today: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks

How hyper agenda-driven threat actors, cybercriminals, and nation-states integrate digital, narrative, and physical attacks to target organizations through their executives.

Published on: March 12, 2025 | Source: SecurityWeek

360 Privacy Raises $36 Million for Digital Executive Protection Platform

360 Privacy has raised $36 million in equity investment to scour the surface and dark web for leaked PII and remove it.

Published on: March 12, 2025 | Source: SecurityWeek

'Ballista' Botnet Exploits 2023 Vulnerability in TP-Link Routers

In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it's being used once more for another botnet campaign with its own malware.

Published on: March 12, 2025 | Source: Dark Reading

A Guide to Security Investments: The Anatomy of a Cyberattack

Organizations must recognize that security is not about the number of tools deployed, it is about ensuring those tools effectively disrupt the attack chain at every stage.

Published on: March 12, 2025 | Source: SecurityWeek

Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers

Exploiting trust in the DeepSeek brand, scammers attempt to harvest personal information or steal user credentials.

Published on: March 12, 2025 | Source: SecurityWeek