Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System
Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack. The post Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System appeared first on SecurityWeek.
Published on: February 07, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could
Published on: February 07, 2025 | Source:UK Engineering Giant IMI Hit by Cyberattack
UK engineering firm IMI says it suffered a cyberattack that resulted in unauthorized access to some of its systems. The post UK Engineering Giant IMI Hit by Cyberattack appeared first on SecurityWeek.
Published on: February 07, 2025 | Source:430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations
University Diagnostic Medical Imaging and Allegheny Health Network have disclosed data breaches impacting approximately 430,000 patients. The post 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations appeared first on SecurityWeek.
Published on: February 07, 2025 | Source:AI-Powered Social Engineering: Reinvented Threats
The foundations for social engineering attacks β manipulating humans β might not have changed much over the years. Itβs the vectors β how these techniques are deployed β that are evolving. And like most industries these days, AI is accelerating its evolution. This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks:
Published on: February 07, 2025 | Source:Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET
Published on: February 07, 2025 | Source:Indiaβs RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud
India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a
Published on: February 07, 2025 | Source:Trimble Cityworks Customers Warned of Zero-Day Exploitation
Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware. The post Trimble Cityworks Customers Warned of Zero-Day Exploitation appeared first on SecurityWeek.
Published on: February 07, 2025 | Source:Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a
Published on: February 07, 2025 | Source:Cybercrime Forces Local Law Enforcement to Shift Focus
Local law enforcements need to steer away from "place-based policing" when investigating cybercrimes.
Published on: February 06, 2025 | Source:7AI Streamlines Security Operations With Autonomous AI Agents
Cybereason co-founders launch their second act with a security startup focused on offering a platform that uses agentic AI to offload repetitive tasks commonly performed by security analysts.
Published on: February 06, 2025 | Source:DOJ disbands foreign influence task force, limits scope of FARA prosecutionsΒ
Both the task force and FARA were used by the bureau to investigate, charge and disrupt foreign and domestic actors accused of working to influence American policy on behalf of other nations. The post DOJ disbands foreign influence task force, limits scope of FARA prosecutions appeared first on CyberScoop.
Published on: February 06, 2025 | Source:Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini
OpenAI's latest tech can reason better than its previous models could, but not well enough to ferret out careful social engineering.
Published on: February 06, 2025 | Source:US Cybersecurity Efforts for Spacecraft Are Up in the Air
While President Trump supported federal space efforts during his first administration, the addition of SpaceX chief Elon Musk to his circle likely means challenges for regulating spacecraft cybersecurity, experts say.
Published on: February 06, 2025 | Source:Experts Flag Security, Privacy Risks in DeepSeek AI App
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy...
Published on: February 06, 2025 | Source:DeepSeek Phishing Sites Pursue User Data, Crypto Wallets
Riding the wave of notoriety from the Chinese company's R1 AT chatbot, attackers are spinning up lookalike sites for different malicious use cases.
Published on: February 06, 2025 | Source:Agencies Sound Alarm on Patient Monitors With Hardcoded Backdoor
CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.
Published on: February 06, 2025 | Source:House Lawmakers Push to Ban AI App DeepSeek From US Government Devices
A bipartisan duo in the the U.S. House is proposing legislation to ban the Chinese artificial intelligence app DeepSeek from federal devices. The post House Lawmakers Push to Ban AI App DeepSeek From US Government Devices appeared first on SecurityWeek.
Published on: February 06, 2025 | Source:1,000 Apps Used in Malicious Campaign Targeting Android Users in India
Zimperium warns that threat actors have stolen the information of tens of thousands of Android users in India using over 1,000 malicious applications. The post 1,000 Apps Used in Malicious Campaign Targeting Android Users in India appeared first on SecurityWeek.
Published on: February 06, 2025 | Source:Hugging Face platform continues to be plagued by vulnerable βpicklesβ
A widely used python module for machine-learning developers can be loaded with malware and bypass detection measures. The post Hugging Face platform continues to be plagued by vulnerable βpicklesβ appeared first on CyberScoop.
Published on: February 06, 2025 | Source:The Cyber Savanna: A Rigged Race You Can't Win, but Must Run Anyway
When it comes to protecting your company from cyberattacks, you don't have to be the fastest gazelle β you just can't afford to be the slowest.
Published on: February 06, 2025 | Source:Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles
Published on: February 06, 2025 | Source:Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined,
Published on: February 06, 2025 | Source:Astra, Invary Raise Millions for AI-Powered Pentesting, Runtime Security
Astra Security and Invary have received new funding to fuel development of their vulnerability scanning and runtime security solutions. The post Astra, Invary Raise Millions for AI-Powered Pentesting, Runtime Security appeared first on SecurityWeek.
Published on: February 06, 2025 | Source:Hacker Who Targeted NATO, US Army Arrested in Spain
Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army. The post Hacker Who Targeted NATO, US Army Arrested in Spain appeared first on SecurityWeek.
Published on: February 06, 2025 | Source:Five Eyes Agencies Release Guidance on Securing Edge Devices
Five Eyes cybersecurity agencies have released guidance on securing edge devices against increasing threats. The post Five Eyes Agencies Release Guidance on Securing Edge Devices appeared first on SecurityWeek.
Published on: February 06, 2025 | Source:AIs and Robots Should Sound Robotic
Most people know that robots no longer sound like tinny trash cans. They sound like Siri, Alexa, and Gemini. They sound like the voices in labyrinthine customer support phone trees. And even those robot voices are being made obsolete by new AI-generated voices that can mimic every vocal nuance and tic of human speech, down to specific regional accents. And with just a few seconds of audio, AI can now clone someoneβs...
Published on: February 06, 2025 | Source:Security Teams Pay the Price: The Unfair Reality of Cyber Incidents
The blame of security incidents may be sharedβbut the burden of response always falls on the security team. Hereβs how to prepare for the inevitable. The post Security Teams Pay the Price: The Unfair Reality of Cyber Incidents appeared first on SecurityWeek.
Published on: February 06, 2025 | Source:SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,
Published on: February 06, 2025 | Source:Cisco Patches Critical Vulnerabilities in Enterprise Security Product
Critical vulnerabilities in Cisco Identity Services Engine could lead to elevation of privileges and system configuration modifications. The post Cisco Patches Critical Vulnerabilities in Enterprise Security Product appeared first on SecurityWeek.
Published on: February 06, 2025 | Source:The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025
Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner
Published on: February 06, 2025 | Source:Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams
Researchers see dozens of fake DeepSeek websites used for credential phishing, cryptocurrency theft, and scams. The post Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams appeared first on SecurityWeek.
Published on: February 06, 2025 | Source:North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails containing a Windows shortcut (LNK) file that's disguised as a Microsoft Office or PDF document.
Published on: February 06, 2025 | Source:Top 3 Ransomware Threats Active in 2025
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, thereβs no guarantee youβll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get
Published on: February 06, 2025 | Source:7AI Launches With $36 Million in Seed Funding for Agentic Security Platform
7AI has launched an agentic security platform, which uses AI agents to handle repetitive tasks. The post 7AI Launches With $36 Million in Seed Funding for Agentic Security Platform appeared first on SecurityWeek.
Published on: February 06, 2025 | Source: