The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX Series routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. "The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script
Published on: March 12, 2025 | Source:

To truly become indispensable in the boardroom, CISOs need to meet the dual demands of defending against sophisticated adversaries while leading resilience strategies.
Published on: March 12, 2025 | Source:

Dragos case study reveals that Volt Typhoon hacked the US electric grid and stole information on OT systems. The post China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days appeared first on SecurityWeek.
Published on: March 12, 2025 | Source:

Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. "At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts," the company said, adding it observed the activity on March 9, 2025. The countries which
Published on: March 12, 2025 | Source:

Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op: Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have hindered deeper collaboration, including in cyber. Shifting geopolitical dynamics, however, could drive these states...
Published on: March 12, 2025 | Source:

We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Cue the anxiety. There have been ongoing whispers about what roles would be
Published on: March 12, 2025 | Source:

Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege
Published on: March 12, 2025 | Source:

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it
Published on: March 12, 2025 | Source:

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.
Published on: March 11, 2025 | Source:

Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of Webkit’s Web Content sandbox, potentially leading to unauthorized actions. The sandbox is a security feature that isolates untrusted web content in order to prevent […] The post Apple...
Published on: March 11, 2025 | Source:

The number of zero-day vulnerabilities getting patched in Microsoft's March update is the company's second-largest ever.
Published on: March 11, 2025 | Source:

Plankey has served in numerous cybersecurity positions in the past, including during the first Trump presidency from 2018-2020.
Published on: March 11, 2025 | Source:

X’s wave of outages resembled a DDoS attack and Dark Storm Team, a prolific threat group specializing in such attacks, claimed responsibility. The post X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it. appeared first on CyberScoop.
Published on: March 11, 2025 | Source:

A Libya-linked threat actor has resurfaced attacking the Middle East and North Africa, using the same old political phishing tricks to deliver AsyncRAT that have worked for years.
Published on: March 11, 2025 | Source:

The groups told lawmakers that both the committee and the law provide vital protections for cyber threat information swapping. The post Trade groups worry information sharing will worsen without critical infrastructure panel, CISA law renewal appeared first on CyberScoop.
Published on: March 11, 2025 | Source:

Adobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications. The post Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader appeared first on SecurityWeek.
Published on: March 11, 2025 | Source:

Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other alleged hackers who are said to be part of the Chinese hacker group...
Published on: March 11, 2025 | Source:

Shutdowns always hamper government operations, but personnel cuts further exacerbate cyber risks, experts say. The post Amid personnel turmoil at cyber agencies, a government shutdown could increase potential harm appeared first on CyberScoop.
Published on: March 11, 2025 | Source:

Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices. The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek.
Published on: March 11, 2025 | Source:

Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India...
Published on: March 11, 2025 | Source:

While deregulation may open opportunities for growth and innovation, it also creates new risks that demand a proactive, accountable approach to security.
Published on: March 11, 2025 | Source:

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected during one of
Published on: March 11, 2025 | Source:

The New York Attorney General sued National General and its parent company Allstate over two data breaches. The post New York Sues Insurance Giant Over Data Breaches appeared first on SecurityWeek.
Published on: March 11, 2025 | Source:

Analysts weigh in on how democratizing cybersecurity could benefit organizations, particularly SMBs, as threats increase across the landscape.
Published on: March 11, 2025 | Source:

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with
Published on: March 11, 2025 | Source:

The financing was provided by S Capital and investor Mike Moritz, S32, Glilot Capital Partners, and several angel investors. The post Sola Security Deposits Hefty $30M Seed Funding appeared first on SecurityWeek.
Published on: March 11, 2025 | Source:

South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign. The post 1,600 Victims Hit by South American APT’s Malware appeared first on SecurityWeek.
Published on: March 11, 2025 | Source:

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned, “Strategy without tactics is
Published on: March 11, 2025 | Source:

An email campaign luring users with offers of free President Trump meme coins can lead to computer takeover via the ConnectWise RAT, in less than 2 minutes.
Published on: March 11, 2025 | Source:

Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace. This is steganography, a cybercriminal’s secret weapon for
Published on: March 11, 2025 | Source:

Listen up, this is sure to be music to your ears – a few minutes spent securing your account today can save you a ton of trouble tomorrow
Published on: March 11, 2025 | Source:

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy
Published on: March 11, 2025 | Source:

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. "Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their
Published on: March 11, 2025 | Source:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore
Published on: March 11, 2025 | Source: