Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
SANS Institute Launches AI Cybersecurity Hackathon
Published on: February 18, 2025 | Source:
Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild
Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.
Published on: February 18, 2025 | Source:How Phished Data Turns into Apple & Google Wallets
Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile...
Published on: February 18, 2025 | Source:Pangea Launches AI Guard and Prompt Guard to Combat Gen-AI Security Risks
Guardrail specialist releases new products to aid the development and use of secure gen-AI apps. The post Pangea Launches AI Guard and Prompt Guard to Combat Gen-AI Security Risks appeared first on SecurityWeek.
Published on: February 18, 2025 | Source:New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks β Patch Now
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below - CVE-2025-26465 (CVSS score: 6.8)- The
Published on: February 18, 2025 | Source:Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks
The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,
Published on: February 18, 2025 | Source:Finastra Starts Notifying People Impacted by Recent Data Breach
Financial software firm Finastra is notifying individuals whose personal information was stolen in a recent data breach. The post Finastra Starts Notifying People Impacted by Recent Data Breach appeared first on SecurityWeek.
Published on: February 18, 2025 | Source:Critical Vulnerability Patched in Juniper Session Smart Router
A critical vulnerability tracked as CVE-2025-21589 has been patched in Juniper Networksβ Session Smart Router. The post Critical Vulnerability Patched in Juniper Session Smart Router appeared first on SecurityWeek.
Published on: February 18, 2025 | Source:New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer. The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher). TA2727 is a "threat actor that uses fake
Published on: February 18, 2025 | Source:Singulr Launches With $10M in Funding for AI Security and Governance Platform
Singulr AI announced its launch with $10 million in seed funding raised for an enterprise AI security and governance platform. The post Singulr Launches With $10M in Funding for AI Security and Governance Platform appeared first on SecurityWeek.
Published on: February 18, 2025 | Source:Golang Backdoor Abuses Telegram for C&C Communication
A newly discovered Golang backdoor is abusing Telegram for communication with its command-and-control (C&C) server. The post Golang Backdoor Abuses Telegram for C&C Communication appeared first on SecurityWeek.
Published on: February 18, 2025 | Source:Debunking the AI Hype: Inside Real Hacker Tactics
Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labsβ Red Report 2025 which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a
Published on: February 18, 2025 | Source:Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication
Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3. "An Authentication Bypass Using an Alternate Path or
Published on: February 18, 2025 | Source:Story About Medical Device Security
Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I donβt remember the story at all, or who the company was. But it sounds about right.
Published on: February 18, 2025 | Source:Microsoft Warns of Improved XCSSET macOS Malware
Microsoft has observed a new variant of the XCSSET malware being used in limited attacks against macOS users. The post Microsoft Warns of Improved XCSSET macOS Malware appeared first on SecurityWeek.
Published on: February 18, 2025 | Source:Palo Alto Networks Confirms Exploitation of Firewall Vulnerability
Palo Alto Networks has confirmed that a recently patched firewall vulnerability tracked as CVE-2025-0108 is being actively exploited. The post Palo Alto Networks Confirms Exploitation of Firewall Vulnerability appeared first on SecurityWeek.
Published on: February 18, 2025 | Source:No, youβre not fired β but beware of job termination scams
Some employment scams take an unexpected turn as cybercriminals shift from βhiringβ to βfiringβ staff
Published on: February 18, 2025 | Source:Ex-NSO Group CEOβs Security Firm Dream Raises $100M at $1.1B Valuation
Israeli cybersecurity startup Dream has raised $100 million in Series B funding and is now valued at $1.1 billion. The post Ex-NSO Group CEOβs Security Firm Dream Raises $100M at $1.1B Valuation appeared first on SecurityWeek.
Published on: February 18, 2025 | Source:Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41
Published on: February 18, 2025 | Source:New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. "This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP
Published on: February 18, 2025 | Source:Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to
Published on: February 18, 2025 | Source:Atlas of Surveillance
The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US.
Published on: February 17, 2025 | Source:Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to
Published on: February 17, 2025 | Source:New FinalDraft Malware Spotted in Espionage Campaign
A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API. The post New FinalDraft Malware Spotted in Espionage Campaign appeared first on SecurityWeek.
Published on: February 17, 2025 | Source:Russian State Hackers Target Organizations With Device Code Phishing
Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign. The post Russian State Hackers Target Organizations With Device Code Phishing appeared first on SecurityWeek.
Published on: February 17, 2025 | Source:127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police
After governments announced sanctions against the Zservers/XHost bulletproof hosting service, Dutch police took 127 servers offline. The post 127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police appeared first on SecurityWeek.
Published on: February 17, 2025 | Source:South Korea Suspends DeepSeek AI Downloads Over Privacy Violations
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains
Published on: February 17, 2025 | Source:Downloads of DeepSeekβs AI Apps Paused in South Korea Over Privacy Concerns
DeepSeek has temporarily paused downloads of its chatbot apps in South Korea while it works with local authorities to address privacy concerns. The post Downloads of DeepSeekβs AI Apps Paused in South Korea Over Privacy Concerns appeared first on SecurityWeek.
Published on: February 17, 2025 | Source:Xerox Versalink Printer Vulnerabilities Enable Lateral Movement
Xerox released security updates to resolve pass-back attack vulnerabilities in Versalink multifunction printers. The post Xerox Versalink Printer Vulnerabilities Enable Lateral Movement appeared first on SecurityWeek.
Published on: February 17, 2025 | Source:CISO's Expert Guide To CTEM And Why It Matters
Cyber threats evolveβhas your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEMβs comprehensive approach is the best overall strategy for shoring up a businessβs cyber defenses in the face of evolving attacks. It also
Published on: February 17, 2025 | Source:Katharine Hayhoe: The most important climate equation | Starmus highlights
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action
Published on: February 17, 2025 | Source:β‘ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More
Welcome to this weekβs Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. Threat of the Week Russian Threat Actors Leverage Device Code Phishing to Hack
Published on: February 17, 2025 | Source:New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations
Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro FrΓ³es said in an analysis
Published on: February 17, 2025 | Source: