Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
CISA is facing a tight CIRCIA deadline. Hereβs how Sean Plankey can attempt to meet it
The agency has two months to publish its final rule. It will not meet that mark, but a new CISA director has the tools to move the program forward. The post CISA is facing a tight CIRCIA deadline. Hereβs how Sean Plankey can attempt to meet it appeared first on CyberScoop.
Published on: July 30, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Research shows data breach costs have reached an all-time high
IBMβs yearly report finds that a data breach now costs U.S. organizations more than $10 million for recovery. The post Research shows data breach costs have reached an all-time high appeared first on CyberScoop.
Published on: July 30, 2025 | Source:Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero
Google has announced that it's making available a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign-in to victims'
Published on: July 30, 2025 | Source:African Orgs Fall to Mass Microsoft SharePoint Exploits
The National Treasury of South Africa is among the half-dozen known victims in South Africa β along with other nations β of the mass compromise of on-premises Microsoft SharePoint servers.
Published on: July 30, 2025 | Source:Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. "Over the course of three days, a threat actor gained access to the customer's network, attempted to download several suspicious files and communicated with malicious infrastructure linked to Auto-Color
Published on: July 30, 2025 | Source:Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure
Google Cloud's Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses. "Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn't observed any new intrusions directly
Published on: July 30, 2025 | Source:Minnesota governor activates National Guard amid St. Paul cyberattack
Minnesota Gov. Tim Walz activated the state national guard to help respond to an ongoing cyberattack on the state's capital city. The post Minnesota governor activates National Guard amid St. Paul cyberattack appeared first on CyberScoop.
Published on: July 29, 2025 | Source:Nimble 'Gunra' Ransomware Evolves With Linux Variant
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption.
Published on: July 29, 2025 | Source:CISA says it will release telecom security report sought by Sen. Wyden to lift hold on Plankey nomination
The Oregon Democrat has vowed to place a hold on the nomination to lead the agency until CISA releases the report. The post CISA says it will release telecom security report sought by Sen. Wyden to lift hold on Plankey nomination appeared first on CyberScoop.
Published on: July 29, 2025 | Source:Lenovo Firmware Vulnerabilities Allow Persistent Implant Deployment
Vulnerabilities discovered by Binarly in Lenovo devices allow privilege escalation, code execution, and security bypass. The post Lenovo Firmware Vulnerabilities Allow Persistent Implant Deployment appeared first on SecurityWeek.
Published on: July 29, 2025 | Source:Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. "The vulnerability we discovered was remarkably simple to exploit -- by providing only a non-secret 'app_id' value to undocumented registration and email verification endpoints, an attacker
Published on: July 29, 2025 | Source:PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verification" that are sent from the email address noreply@pypj[.]org (note that the domain is not "pypi[.]org"). "This is
Published on: July 29, 2025 | Source:Critical Flaw in Vibe-Coding Platform Base44 Exposes Apps
A now-patched authentication issue on the popular vibe-coding platform gave unauthorized users open access to any private application on Base44.
Published on: July 29, 2025 | Source:The Hidden Threat of Rogue Access
With the right IGA tools, governance policies, and risk thresholds, enterprises can continuously detect and act on rogue access before attackers do.
Published on: July 29, 2025 | Source:Seal Security Raises $13 Million to Secure Software Supply Chain
The open source security firm will use the investment to enhance go-to-market efforts and accelerate platform expansion. The post Seal Security Raises $13 Million to Secure Software Supply Chain appeared first on SecurityWeek.
Published on: July 29, 2025 | Source:Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims
A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter's dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double extortion attacks. "Chaos RaaS actors initiated
Published on: July 29, 2025 | Source:Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm
Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains.
Published on: July 29, 2025 | Source:Promptfoo Raises $18.4β―Million for AI Security Platform
Promptfoo has raised $18.4million in Series A funding to help organizations secure LLMs and generative AI applications. The post Promptfoo Raises $18.4Million for AI Security Platform appeared first on SecurityWeek.
Published on: July 29, 2025 | Source:Order out of Chaos β Using Chaos Theory Encryption to Protect OT and IoT
The need for secure encryption in IoT and IIoT devices is obvious, and potentially critical for OT and, by extension, much of the critical infrastructure. The post Order out of Chaos β Using Chaos Theory Encryption to Protect OT and IoT appeared first on SecurityWeek.
Published on: July 29, 2025 | Source:How the Browser Became the Main Cyber Battleground
Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent: Compromise an endpoint via software exploit, or social engineering a user to run malware on their device; Find ways to move laterally inside the network and compromise privileged identities; Repeat as needed until you can execute your desired attack β usually
Published on: July 29, 2025 | Source:Sploitlight: macOS Vulnerability Leaks Sensitive Information
The TCC bypass could expose information cached by Apple Intelligence, including geolocation and biometric data. The post Sploitlight: macOS Vulnerability Leaks Sensitive Information appeared first on SecurityWeek.
Published on: July 29, 2025 | Source:Dropzone AI Raises $37 Million for Autonomous SOC Analyst
Dropzone AI has announced a Series B funding round led by Theory Ventures to boost its AI SOC solution. The post Dropzone AI Raises $37 Million for Autonomous SOC Analyst appeared first on SecurityWeek.
Published on: July 29, 2025 | Source:Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asiaβs Mobile Networks
Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that's targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data. The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus. "This extensive campaign involved
Published on: July 29, 2025 | Source:From Ex Machina to Exfiltration: When AI Gets Too Curious
From prompt injection to emergent behavior, todayβs curious AI models are quietly breaching trust boundaries. The post From Ex Machina to Exfiltration: When AI Gets Too Curious appeared first on SecurityWeek.
Published on: July 29, 2025 | Source:Why React Didn't Kill XSS: The New JavaScript Injection Playbook
React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code, bypassing the very frameworks designed to keep applications secure. Full 47-page guide with framework-specific defenses (PDF, free). JavaScript conquered the web, but with
Published on: July 29, 2025 | Source:Organizations Warned of Exploited PaperCut Flaw
Threat actors are exploiting a two-year-old vulnerability in PaperCut that allows them to execute arbitrary code remotely. The post Organizations Warned of Exploited PaperCut Flaw appeared first on SecurityWeek.
Published on: July 29, 2025 | Source:The hidden risks of browser extensions β and how to stay safe
Not all browser add-ons are handy helpers β some may contain far more than you have bargained for
Published on: July 29, 2025 | Source:Fable Security Raises $31 Million for Human Risk Management Platform
Fable Security has emerged from stealth mode with a solution designed to detect risky behaviors and educate employees. The post Fable Security Raises $31 Million for Human Risk Management Platform appeared first on SecurityWeek.
Published on: July 29, 2025 | Source:CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCutNG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could
Published on: July 29, 2025 | Source:Root Evidence Bets on New Concept for Vulnerability Patch Management
The number of concerning vulnerabilities may be much smaller than organizations think. This cybersecurity startup aims to narrow down the list to the most critical ones.
Published on: July 28, 2025 | Source:Researchers flag flaw in Googleβs AI coding assistant that allowed for βsilentβ code exfiltrationΒ
The findings are part of a growing list of instances where βagenticβ AI software has taken actions that are more akin to a malicious hacker than a helpful AI assistant. The post Researchers flag flaw in Googleβs AI coding assistant that allowed for βsilentβ code exfiltration appeared first on CyberScoop.
Published on: July 28, 2025 | Source:Insurance Giant Allianz Life Grapples With Breach Affecting 'Majority' of Customers
The company has yet to report an exact number of how many individuals were impacted by the breach and plans to start the notification process around Aug. 1.
Published on: July 28, 2025 | Source:Chaos Ransomware Rises as BlackSuit Gang Falls
Researchers detailed a newer double-extortion ransomware group made up of former members of BlackSuit, which was recently disrupted by international law enforcement.
Published on: July 28, 2025 | Source:Ghost Students Drain Money, Resources From Educational Sector
The education sector is haunted by a significant fraud problem where fake students impersonate celebrities and employ other identity techniques to steal resources and money from legitimate students.
Published on: July 28, 2025 | Source:That Time Tom Lehrer Pranked the NSA
Bluesky thread. Hereβs the paper, from 1957. Note reference 3.
Published on: July 28, 2025 | Source: