Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Serbian Police Hack Protester's Phone With Cellebrite Exploit Chain
Amnesty International said Serbian police used an exploit chain in tandem with a legitimate mobile extraction dongle from vendor Cellebrite in an attack that brings up questions around ethical technology development.
Published on: March 04, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Jamf Buys Identity Automation, Expands IAM Capabilities
The $215 million acquisition will allow Jamf to offer dynamic identity capabilities and device access in a single platform.
Published on: March 04, 2025 | Source:North Korea's Latest 'IT Worker' Scheme Seeks Nuclear Funds
Fraudulent IT workers are looking for engineering and developer positions in the US and Japan, and this time it's not about espionage.
Published on: March 04, 2025 | Source:Pentagon, CISA Deny Change in US Cyber Policy on Russia
Media reports over the weekend suggested the Trump administration ordered US Cyber Command and CISA to draw down cyber activities targeting Russia.
Published on: March 04, 2025 | Source:ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report
The SANS Institute and OPSWAT have published their 2025 ICS/OT Cybersecurity Budget Report. The post ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report appeared first on SecurityWeek.
Published on: March 04, 2025 | Source:Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute
Published on: March 04, 2025 | Source:House passes bill requiring federal contractors to have vulnerability disclosure policies
The legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americansβ data, co-sponsor Rep. Nancy Mace says. The post House passes bill requiring federal contractors to have vulnerability disclosure policies appeared first on CyberScoop.
Published on: March 04, 2025 | Source:Intel TDX Connect Bridges the CPU-GPU Security Gap
AI is all about data β and keeping AIβs data confidential both within devices and between devices is problematic. Intel offers a solution. The post Intel TDX Connect Bridges the CPU-GPU Security Gap appeared first on SecurityWeek.
Published on: March 04, 2025 | Source:AI Asset Inventories: The Only Way to Stay on Top of a Lightning-fast Landscape
Unauthorized AI usage is a ticking time bomb. A tool that wasnβt considered a risk yesterday may introduce new AI-powered features overnight. The post AI Asset Inventories: The Only Way to Stay on Top of a Lightning-fast Landscape appeared first on SecurityWeek.
Published on: March 04, 2025 | Source:Why Cybersecurity Jobs Are Hard to Find Amid a Worker Shortage
The cybersecurity job market nowadays is facing an unusual paradox: Many roles seem open, but competition and hiring practices can make securing a position a real challenge.
Published on: March 04, 2025 | Source:Aryon Security Debuts With Platform to Prevent Cloud Misconfigurations
Misconfigurations are the cause of most cloud breaches. Aryon is on a mission to prevent them. The post Aryon Security Debuts With Platform to Prevent Cloud Misconfigurations appeared first on SecurityWeek.
Published on: March 04, 2025 | Source:VMware Security Flaws Exploited in the WildβBroadcom Releases Urgent Patches
Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows - CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with
Published on: March 04, 2025 | Source:Polish Space Agency Hit by Cyberattack
The Polish space agency POLSA says it has disconnected its network from the internet to contain a cyberattack. The post Polish Space Agency Hit by Cyberattack appeared first on SecurityWeek.
Published on: March 04, 2025 | Source:Jamf to Acquire Identity Automation for $215 Million
Apple device management firm Jamf has entered into an agreement to acquire IAM platform Identity Automation. The post Jamf to Acquire Identity Automation for $215 Million appeared first on SecurityWeek.
Published on: March 04, 2025 | Source:Trojaned AI Tool Leads to Disney Hack
This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job.
Published on: March 04, 2025 | Source:Google Patches Pair of Exploited Vulnerabilities in Android
Androidβs March 2025 security update addresses over 40 vulnerabilities, including two actively exploited in the wild. The post Google Patches Pair of Exploited Vulnerabilities in Android appeared first on SecurityWeek.
Published on: March 04, 2025 | Source:How New AI Agents Will Transform Credential Stuffing Attacks
Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks β including those frequently performed by attackers. Stolen credentials: The cyber criminalβs weapon of choice
Published on: March 04, 2025 | Source:Exploitation Long Known for Most of CISAβs Latest KEV Additions
Exploitation has been known for months or years for most of the latest vulnerabilities added by CISA to its KEV catalog. The post Exploitation Long Known for Most of CISAβs Latest KEV Additions appeared first on SecurityWeek.
Published on: March 04, 2025 | Source:Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector
Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out "fewer than five" entities in the United Arab Emirates (U.A.E.) to deliver a previously undocumented Golang backdoor dubbed Sosano. The malicious activity was specifically directed against aviation and satellite communications organizations, according to Proofpoint, which detected it in late October
Published on: March 04, 2025 | Source:Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity also led to the delivery of various binaries that facilitate data exfiltration as well as offer
Published on: March 04, 2025 | Source:Cisco, Hitachi, Microsoft, and Progress Flaws Actively ExploitedβCISA Sounds Alarm
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-20118 (CVSS score: 6.5) - A command injection
Published on: March 04, 2025 | Source:Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities
Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-43093 - A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb,"
Published on: March 04, 2025 | Source:Android security update contains 2 actively exploited vulnerabilities
Googleβs monthly batch of security fixes addressed 43 vulnerabilities. The post Android security update contains 2 actively exploited vulnerabilities appeared first on CyberScoop.
Published on: March 03, 2025 | Source:Name That Edge Toon: On the Precipice
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Published on: March 03, 2025 | Source:TikTok's Teen Data Use Probed by UK Regulators
Investigators at the ICO are looking into how (or if) TikTok, as well as Reddit and Imgur, are enforcing UK privacy protections for 13- to 17-year-old users.
Published on: March 03, 2025 | Source:Qilin Cybercrime Ring Claims Credit for Lee Newspaper Breach
The ransomware-as-a-service (RaaS) cybercrime group intends to leak the stolen information in just two days, it claims; but oddly, it doesn't seek a ransom payment from its victim.
Published on: March 03, 2025 | Source:Phishers Wreak 'Havoc,' Disguising Attack Inside SharePoint
A complex campaign allows cyberattackers to take over Windows systems by a combining a ClickFix-style attack and sophisticated obfuscation that abuses legitimate Microsoft services.
Published on: March 03, 2025 | Source:CISA: No Change on Defending Against Russian Cyber Threats
The CISA public clarification follows news the Trump administration is temporarily pausing offensive cyber operations against Moscow. The post CISA: No Change on Defending Against Russian Cyber Threats appeared first on SecurityWeek.
Published on: March 03, 2025 | Source:Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail
Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to
Published on: March 03, 2025 | Source:DHS says CISA wonβt stop looking at Russian cyber threats
The statement is a rebuttal to stories suggesting otherwise. The post DHS says CISA wonβt stop looking at Russian cyber threats appeared first on CyberScoop.
Published on: March 03, 2025 | Source:EU's New Product Liability Directive & Its Cybersecurity Impact
By proactively addressing liabilities tied to software updates, data loss, and AI technologies, businesses can mitigate risks and achieve compliance.
Published on: March 03, 2025 | Source:Latin American Orgs Face 40% More Attacks Than Global Average
Technological adoption, demographics, politics, and uniquely Latin American law enforcement challenges have combined to make the region uniquely fertile for cyberattacks.
Published on: March 03, 2025 | Source:Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known
Published on: March 03, 2025 | Source:U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices
The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned video-sharing service uses the personal data of children in the age range to surface recommendations
Published on: March 03, 2025 | Source:Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks
Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). "These include arbitrary kernel memory mapping and
Published on: March 03, 2025 | Source: