All Security News

Browse the full archive of security news and updates.

Security News – 2025-07-17

Thu Jul 17 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Cambodia Makes 1,000 Arrests in Latest Crackdown on Cybercrime

More than 1,000 suspects were arrested in raids in at least five provinces between Monday and Wednesday, according to Information Minister Neth Pheaktra and police.

The post Cambodia Makes 1,000 Arrests in Latest Crackdown on Cybercrime appeared first on SecurityWeek.

Europol-Coordinated Global Operation Takes Down Pro-Russian Cybercrime Network

Codenamed Eastwood, the operation targeted the so-called NoName057(16) group, which was identified as being behind a series of DDoS attacks on municipalities and organizations linked to a NATO summit.

The post Europol-Coordinated Global Operation Takes Down Pro-Russian Cybercrime Network appeared first on SecurityWeek.

United Natural Foods Projects Up to $400M Sales Hit From June Cyberattack

Cyberattack disrupted UNFI’s operations in June; company estimates $50–$60 million net income hit but anticipates insurance will cover most losses.

The post United Natural Foods Projects Up to $400M Sales Hit From June Cyberattack appeared first on SecurityWeek.

SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware

A threat actor that may be financially motivated is targeting SonicWall devices with a backdoor and user-mode rootkit.

The post SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware appeared first on SecurityWeek.

Virtual Event Today: Cloud & Data Security Summit – Tackling Exposed Attack Surfaces in the Cloud

Virtual event brings together leading experts, practitioners, and innovators for a full day of insightful discussions and tactical guidance on evolving threats and real-world defense strategies in cloud security.

The post Virtual Event Today: Cloud & Data Security Summit – Tackling Exposed Attack Surfaces in the Cloud appeared first on SecurityWeek.

Security News – 2025-07-16

Wed Jul 16 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Virtual Event Preview: Cloud & Data Security Summit – Tackling Exposed Attack Surfaces in the Cloud

The post Virtual Event Preview: Cloud & Data Security Summit – Tackling Exposed Attack Surfaces in the Cloud appeared first on SecurityWeek.

Threat Actors Use SVG Smuggling for Browser-Native Redirection

Obfuscated JavaScript code is embedded within SVG files for browser-native redirection to malicious pages.

The post Threat Actors Use SVG Smuggling for Browser-Native Redirection appeared first on SecurityWeek.

DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total

Cloudflare has published its quarterly DDoS threat report for Q2 2025 and the company says it has blocked millions of attacks.

The post DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total appeared first on SecurityWeek.

Data Breach at Debt Settlement Firm Impacts 160,000 People

Pennsylvania-based Century Support Services is disclosing a data breach after its systems were hacked in November 2024.

The post Data Breach at Debt Settlement Firm Impacts 160,000 People appeared first on SecurityWeek.

Zip Security Raises $13.5 Million in Series A Funding

Zip Security’s Series A funding round led by Ballistic Ventures will help the company grow its engineering and go-to-market teams.

The post Zip Security Raises $13.5 Million in Series A Funding appeared first on SecurityWeek.

Security News – 2025-07-15

Tue Jul 15 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years

A vulnerability affecting systems named End-of-Train and Head-of-Train can be exploited by hackers to cause trains to brake.

The post Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years appeared first on SecurityWeek.

CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA

CISA considers the recently disclosed CitrixBleed 2 vulnerability an unacceptable risk and has added it to the KEV catalog.

The post CitrixBleed 2 Flaw Poses Unacceptable Risk: CISA appeared first on SecurityWeek.

Google Gemini Tricked Into Showing Phishing Message Hidden in Email

Google Gemini for Workspace can be tricked into displaying a phishing message when asked to summarize an email.

The post Google Gemini Tricked Into Showing Phishing Message Hidden in Email appeared first on SecurityWeek.

New Interlock RAT Variant Distributed via FileFix Attacks

The Interlock ransomware group has partnered with the KongTuke TDS to distribute a new RAT variant via FileFix attacks.

The post New Interlock RAT Variant Distributed via FileFix Attacks appeared first on SecurityWeek.

Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment

Vulnerabilities in Gigabyte firmware implementations could allow attackers to disable Secure Boot and execute code during the early boot phase.

The post Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment appeared first on SecurityWeek.

Security News – 2025-07-14

Mon Jul 14 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

13 Romanians Arrested for Phishing the UK’s Tax Service

Investigators from HMRC joined more than 100 Romanian police officers to arrest the 13 Romanian suspects in the counties of Ilfov, Giurgiu and Calarasi.

The post 13 Romanians Arrested for Phishing the UK’s Tax Service appeared first on SecurityWeek.

Grok-4 Falls to a Jailbreak Two Days After Its Release

The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak.

The post Grok-4 Falls to a Jailbreak Two Days After Its Release appeared first on SecurityWeek.

In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs

Noteworthy stories that might have slipped under the radar: Microsoft shows attack against AMD processors, SentinelOne details latest ZuRu macOS malware version, Indian APT DoNot targets governments.

The post In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs appeared first on SecurityWeek.

Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent

With IPOs taking longer than ever, the venture firm’s fund aims to keep startup veterans motivated while staying private.

The post Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent appeared first on SecurityWeek.

EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules

The EU code is voluntary and complements the EU’s AI Act, a comprehensive set of regulations that was approved last year and is taking effect in phases.

The post EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules appeared first on SecurityWeek.

Security News – 2025-07-13

Sun Jul 13 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Grok-4 Falls to a Jailbreak Two days After Its Release

The latest release of the xAI LLM, Grok-4, has already fallen to a sophisticated jailbreak.

The post Grok-4 Falls to a Jailbreak Two days After Its Release appeared first on SecurityWeek.

In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs

Noteworthy stories that might have slipped under the radar: Microsoft shows attack against AMD processors, SentinelOne details latest ZuRu macOS malware version, Indian APT DoNot targets governments.

The post In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs appeared first on SecurityWeek.

Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent

With IPOs taking longer than ever, the venture firm’s fund aims to keep startup veterans motivated while staying private.

The post Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent appeared first on SecurityWeek.

EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules

The EU code is voluntary and complements the EU’s AI Act, a comprehensive set of regulations that was approved last year and is taking effect in phases.

The post EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules appeared first on SecurityWeek.

McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications

Two vulnerabilities in an internal API allowed unauthorized access to contacts and chats, exposing the information of 64 million McDonald’s applicants.

The post McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications appeared first on SecurityWeek.

Security News – 2025-07-12

Sat Jul 12 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs

Noteworthy stories that might have slipped under the radar: Microsoft shows attack against AMD processors, SentinelOne details latest ZuRu macOS malware version, Indian APT DoNot targets governments.

The post In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs appeared first on SecurityWeek.

Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent

With IPOs taking longer than ever, the venture firm’s fund aims to keep startup veterans motivated while staying private.

The post Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent appeared first on SecurityWeek.

EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules

The EU code is voluntary and complements the EU’s AI Act, a comprehensive set of regulations that was approved last year and is taking effect in phases.

The post EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules appeared first on SecurityWeek.

McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications

Two vulnerabilities in an internal API allowed unauthorized access to contacts and chats, exposing the information of 64 million McDonald’s applicants.

The post McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications appeared first on SecurityWeek.

Critical Wing FTP Server Vulnerability Exploited

Wing FTP Server vulnerability CVE-2025-47812 can be exploited for arbitrary command execution with root or system privileges.

The post Critical Wing FTP Server Vulnerability Exploited appeared first on SecurityWeek.

Security News – 2025-07-11

Fri Jul 11 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

eSIM Hack Allows for Cloning, Spying

Details have been disclosed for an eSIM hacking method that could impact many, but the industry is taking action.

The post eSIM Hack Allows for Cloning, Spying appeared first on SecurityWeek.

Ingram Micro Restores Systems Impacted by Ransomware

Ingram Micro has restored operations across all countries and regions after disconnecting systems to contain a ransomware attack.

The post Ingram Micro Restores Systems Impacted by Ransomware appeared first on SecurityWeek.

Four Arrested in UK Over M&S, Co-op Cyberattacks

Three teens and a woman have been arrested by the UK’s NCA over the hacking of M&S, Co-op and Harrods.

The post Four Arrested in UK Over M&S, Co-op Cyberattacks appeared first on SecurityWeek.

Qantas Confirms 5.7 Million Impacted by Data Breach

Hackers compromised names, addresses, email address, phone numbers, and other information pertaining to Qantas customers.

The post Qantas Confirms 5.7 Million Impacted by Data Breach appeared first on SecurityWeek.

Booz Allen Invests in Machine Identity Firm Corsha

‘Machine identities’, often used interchangeably with ‘non-human identities’ (NHIs), have been increasing rapidly since the start of digital transformation.

The post Booz Allen Invests in Machine Identity Firm Corsha appeared first on SecurityWeek.

Security News – 2025-07-10

Thu Jul 10 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack

Nippon Steel Solutions has disclosed a data breach that resulted from the exploitation of a zero-day in network equipment.

The post Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack appeared first on SecurityWeek.

Samsung Announces Security Improvements for Galaxy Smartphones

New Samsung Galaxy features include protections for on-device AI, expanded cross-device threat detection, and quantum-resistant encryption for network security.

The post Samsung Announces Security Improvements for Galaxy Smartphones appeared first on SecurityWeek.

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact

Industrial solutions providers Siemens, Schneider Electric and Phoenix Contact have released July 2025 Patch Tuesday ICS security advisories.

The post ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact appeared first on SecurityWeek.

Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking

Multiple vulnerabilities in Ruckus Wireless management products could be exploited to fully compromise the managed environments.

The post Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking appeared first on SecurityWeek.

Canadian Electric Utility Says Power Meters Disrupted by Cyberattack

Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States.

The post Canadian Electric Utility Says Power Meters Disrupted by Cyberattack appeared first on SecurityWeek.

Security News – 2025-07-09

Wed Jul 09 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Adobe Patches Critical Code Execution Bugs

Adobe patches were also released for medium-severity flaws in After Effects, Audition, Dimension, Experience Manager Screens, FrameMaker, Illustrator, Substance 3D Stager, and Substance 3D Viewer.

The post Adobe Patches Critical Code Execution Bugs appeared first on SecurityWeek.

Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday

Patch Tuesday July 2025: Microsoft rolled out fixes for 130 vulnerabilities, including a zero-day in SQL Server.

The post Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday appeared first on SecurityWeek.

Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials

The warning came after the department discovered that an impostor attempted to reach out to at least three foreign ministers, a U.S. senator and a governor.

The post Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials appeared first on SecurityWeek.

Legitimate Shellter Pen-Testing Tool Used in Malware Attacks

A stolen copy of Shellter Elite shows how easily legitimate security tools can be repurposed by threat actors when vetting and oversight fail.

The post Legitimate Shellter Pen-Testing Tool Used in Malware Attacks appeared first on SecurityWeek.

The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore

As organizations rush to adopt agentic AI, security leaders must confront the growing risk of invisible threats and new attack vectors.

The post The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore appeared first on SecurityWeek.

Security News – 2025-07-08

Tue Jul 08 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild

CVE-2025-6554 and three other Chromium vulnerabilities could allow attackers to execute code and corrupt memory remotely.

The post Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild appeared first on SecurityWeek.

Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks

The notorious Hive successor ceases ransomware operations but pivots to pure data extortion under the new World Leaks brand.

The post Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks appeared first on SecurityWeek.

Ingram Micro Scrambling to Restore Systems After Ransomware Attack

The IT products and services giant did not say how the intrusion occurred or whether any data was stolen from its systems.

The post Ingram Micro Scrambling to Restore Systems After Ransomware Attack appeared first on SecurityWeek.

Police in Brazil Arrest a Suspect Over $100M Banking Hack

Officials identified the suspect as João Roque, a C&M employee who worked in information technology and allegedly helped others gain unauthorized access to PIX systems.

The post Police in Brazil Arrest a Suspect Over $100M Banking Hack appeared first on SecurityWeek.

In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed

Noteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated.

The post In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed appeared first on SecurityWeek.

Security News – 2025-07-07

Mon Jul 07 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed

Noteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated.

The post In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed appeared first on SecurityWeek.

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts.

The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.

Cisco Warns of Hardcoded Credentials in Enterprise Software

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.

The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.

North Korean Hackers Use Fake Zoom Updates to Install macOS Malware

SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor.

The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek.

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger.

The post Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response appeared first on SecurityWeek.

Security News – 2025-07-06

Sun Jul 06 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed

Noteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated.

The post In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed appeared first on SecurityWeek.

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts.

The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.

Cisco Warns of Hardcoded Credentials in Enterprise Software

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.

The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.

North Korean Hackers Use Fake Zoom Updates to Install macOS Malware

SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor.

The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek.

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger.

The post Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response appeared first on SecurityWeek.

Security News – 2025-07-05

Sat Jul 05 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed

Noteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated.

The post In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed appeared first on SecurityWeek.

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts.

The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.

Cisco Warns of Hardcoded Credentials in Enterprise Software

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.

The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.

North Korean Hackers Use Fake Zoom Updates to Install macOS Malware

SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor.

The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek.

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger.

The post Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response appeared first on SecurityWeek.

Security News – 2025-07-04

Fri Jul 04 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts.

The post Undetectable Android Spyware Backfires, Leaks 62,000 User Logins appeared first on SecurityWeek.

Cisco Warns of Hardcoded Credentials in Enterprise Software

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root.

The post Cisco Warns of Hardcoded Credentials in Enterprise Software appeared first on SecurityWeek.

North Korean Hackers Use Fake Zoom Updates to Install macOS Malware

SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor.

The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek.

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger.

The post Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response appeared first on SecurityWeek.

US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’

The United States has warned of continued Iranian cyberattacks following American strikes on Iran’s nuclear facilities.

The post US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’ appeared first on SecurityWeek.

Security News – 2025-07-03

Thu Jul 03 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger.

The post Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response appeared first on SecurityWeek.

US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’

The United States has warned of continued Iranian cyberattacks following American strikes on Iran’s nuclear facilities.

The post US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’ appeared first on SecurityWeek.

Cybersecurity M&A Roundup: 41 Deals Announced in June 2025

Forty-one cybersecurity merger and acquisition (M&A) deals were announced in June 2025.

The post Cybersecurity M&A Roundup: 41 Deals Announced in June 2025 appeared first on SecurityWeek.

Kelly Benefits Data Breach Impacts 550,000 People

As Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow.

The post Kelly Benefits Data Breach Impacts 550,000 People appeared first on SecurityWeek.

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover

A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites.

The post Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover appeared first on SecurityWeek.

Security News – 2025-07-02

Wed Jul 02 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’

CISA has informed organizations about critical authentication bypass and remote code execution vulnerabilities in Microsens NMP Web+.

The post Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’ appeared first on SecurityWeek.

LevelBlue to Acquire Trustwave to Create Major MSSP

LevelBlue has announced plans to acquire Trustwave to create the largest pure-play managed security services provider (MSSP).

The post LevelBlue to Acquire Trustwave to Create Major MSSP appeared first on SecurityWeek.

Cloudflare Puts a Default Block on AI Web Scraping

The move could reshape how LLM developers gather information — and force new deals between creators and AI companies.

The post Cloudflare Puts a Default Block on AI Web Scraping appeared first on SecurityWeek.

263,000 Impacted by Esse Health Data Breach

Esse Health says the personal information of over 263,000 individuals was stolen in an April 2025 cyberattack.

The post 263,000 Impacted by Esse Health Data Breach appeared first on SecurityWeek.

Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities

Many Citrix NetScaler systems are exposed to attacks exploiting the vulnerabilities tracked as CVE-2025-5777 and CVE-2025-6543.

The post Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities appeared first on SecurityWeek.

Security News – 2025-07-01

Tue Jul 01 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Cato Networks Raises $359 Million to Expand SASE Business

Founded in 2015, the Tel Aviv based company has now raised more than $1 billion and claims more than 3,500 customers.

The post Cato Networks Raises $359 Million to Expand SASE Business appeared first on SecurityWeek.

NASA Needs Agency-Wide Cybersecurity Risk Assessment: GAO

NASA needs to perform an agency-wide cybersecurity risk assessment and to complete important cybersecurity tasks for each of its projects.

The post NASA Needs Agency-Wide Cybersecurity Risk Assessment: GAO appeared first on SecurityWeek.

Rachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do.

The post Hacker Conversations: Rachel Tobac and the Art of Social Engineering appeared first on SecurityWeek.

Casie Antalis Appointed to Lead CISA Program

Casie Antalis is the new program director of the Joint Cyber Coordination Group at the Cybersecurity and Infrastructure Security Agency.

The post Casie Antalis Appointed to Lead CISA Program appeared first on SecurityWeek.

Airoha Chip Vulnerabilities Expose Headphones to Takeover

Vulnerabilities in Airoha Bluetooth SoCs expose headphone and earbud products from multiple vendors to takeover attacks.

The post Airoha Chip Vulnerabilities Expose Headphones to Takeover appeared first on SecurityWeek.

Security News – 2025-06-30

Mon Jun 30 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black

After more than 40 years of being set against a very recognizable blue, the updated error message will soon be displayed across a black background.

The post Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black appeared first on SecurityWeek.

In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update

Noteworthy stories that might have slipped under the radar: Norwegian dam hacked, AT&T agrees to $177 million data breach settlement, Whole Foods distributor restores systems after attack.

The post In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update appeared first on SecurityWeek.

Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage

Microsoft is preparing a private preview of new Windows endpoint security platform capabilities to help antimalware vendors create solutions that run outside the kernel.

The post Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage appeared first on SecurityWeek.

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain

RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software.

The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek.

Chinese Hackers Target Chinese Users With RAT, Rootkit

China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit.

The post Chinese Hackers Target Chinese Users With RAT, Rootkit appeared first on SecurityWeek.

Security News – 2025-06-29

Sun Jun 29 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black

After more than 40 years of being set against a very recognizable blue, the updated error message will soon be displayed across a black background.

The post Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black appeared first on SecurityWeek.

In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update

Noteworthy stories that might have slipped under the radar: Norwegian dam hacked, AT&T agrees to $177 million data breach settlement, Whole Foods distributor restores systems after attack.

The post In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update appeared first on SecurityWeek.

Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage

Microsoft is preparing a private preview of new Windows endpoint security platform capabilities to help antimalware vendors create solutions that run outside the kernel.

The post Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage appeared first on SecurityWeek.

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain

RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software.

The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek.

Chinese Hackers Target Chinese Users With RAT, Rootkit

China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit.

The post Chinese Hackers Target Chinese Users With RAT, Rootkit appeared first on SecurityWeek.

Security News – 2025-06-28

Sat Jun 28 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black

After more than 40 years of being set against a very recognizable blue, the updated error message will soon be displayed across a black background.

The post Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black appeared first on SecurityWeek.

In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update

Noteworthy stories that might have slipped under the radar: Norwegian dam hacked, AT&T agrees to $177 million data breach settlement, Whole Foods distributor restores systems after attack.

The post In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update appeared first on SecurityWeek.

Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage

Microsoft is preparing a private preview of new Windows endpoint security platform capabilities to help antimalware vendors create solutions that run outside the kernel.

The post Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage appeared first on SecurityWeek.

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain

RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software.

The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek.

Chinese Hackers Target Chinese Users With RAT, Rootkit

China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit.

The post Chinese Hackers Target Chinese Users With RAT, Rootkit appeared first on SecurityWeek.

Security News – 2025-06-27

Fri Jun 27 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Bipartisan Bill Aims to Block Chinese AI From Federal Agencies

The proposal seeks to ban all use of the technology in the U.S. government, with exceptions for use in research and counterterrorism efforts.

The post Bipartisan Bill Aims to Block Chinese AI From Federal Agencies appeared first on SecurityWeek.

Man Who Hacked Organizations to Advertise Security Services Pleads Guilty

Nicholas Michael Kloster has pleaded guilty to computer hacking after targeting at least two organizations.

The post Man Who Hacked Organizations to Advertise Security Services Pleads Guilty appeared first on SecurityWeek.

Bonfy.AI Raises $9.5 Million for Adaptive Content Security Platform

Bonfy.AI has emerged from stealth mode to help organizations prevent cybersecurity, privacy and compliance risks.

The post Bonfy.AI Raises $9.5 Million for Adaptive Content Security Platform appeared first on SecurityWeek.

CISA Warns AMI BMC Vulnerability Exploited in the Wild

CISA is urging federal agencies to patch a recent AMI BMC vulnerability and a half-a-decade-old bug in FortiOS by July 17.

The post CISA Warns AMI BMC Vulnerability Exploited in the Wild appeared first on SecurityWeek.

Central Kentucky Radiology Data Breach Impacts 167,000

The personal information of 167,000 individuals was compromised in an October 2024 data breach at Central Kentucky Radiology.

The post Central Kentucky Radiology Data Breach Impacts 167,000 appeared first on SecurityWeek.

Security News – 2025-06-26

Thu Jun 26 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

New research suggests more than 10,000 SaaS apps could remain vulnerable to a nOAuth variant despite the basic issue being disclosed in June 2023.

The post Thousands of SaaS Apps Could Still Be Susceptible to nOAuth appeared first on SecurityWeek.

Microsoft Offers Free Windows 10 Extended Security Update Options as EOS Nears

With end of support scheduled for October 2025, Windows 10 users will be able to continue receiving important security updates.

The post Microsoft Offers Free Windows 10 Extended Security Update Options as EOS Nears appeared first on SecurityWeek.

Hackers Abuse ConnectWise to Hide Malware

G Data has observed a surge in malware infections originating from ConnectWise applications with modified certificate tables.

The post Hackers Abuse ConnectWise to Hide Malware appeared first on SecurityWeek.

SonicWall Warns of Trojanized NetExtender Stealing User Information

SonicWall says a modified version of the legitimate NetExtender application contains information-stealing code.

The post SonicWall Warns of Trojanized NetExtender Stealing User Information appeared first on SecurityWeek.

New Vulnerabilities Expose Millions of Brother Printers to Hacking

Rapid7 has found several serious vulnerabilities affecting over 700 printer models from Brother and other vendors.

The post New Vulnerabilities Expose Millions of Brother Printers to Hacking appeared first on SecurityWeek.

Security News – 2025-06-25

Wed Jun 25 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Siemens Notifies Customers of Microsoft Defender Antivirus Issue

Siemens is working with Microsoft to address a Defender Antivirus problem that can lead to no malware alerts or plant disruptions.

The post Siemens Notifies Customers of Microsoft Defender Antivirus Issue appeared first on SecurityWeek.

Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives

The future of secure digital engagement depends on continuous identity verification and proofing that can scale with risk.

The post Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives appeared first on SecurityWeek.

Prometei Botnet Activity Spikes

Palo Alto Networks has observed a spike in Prometei activity since March 2025, pointing to a resurgence of the botnet.

The post Prometei Botnet Activity Spikes appeared first on SecurityWeek.

Chinese APT Hacking Routers to Build Espionage Infrastructure

A Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure.

The post Chinese APT Hacking Routers to Build Espionage Infrastructure appeared first on SecurityWeek.

Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play

Newly discovered spyware has sneaked into Apple’s App Store and Google Play to steal images from users’ mobile devices.

The post Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play appeared first on SecurityWeek.

Security News – 2025-06-24

Tue Jun 24 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

North Korean Hackers Take Over Victims’ Systems Using Zoom Meeting

North Korean hackers employ social engineering to trick Zoom Meeting participants into executing system-takeover commands.

The post North Korean Hackers Take Over Victims’ Systems Using Zoom Meeting appeared first on SecurityWeek.

China’s Salt Typhoon Hackers Target Canadian Telecom Firms

Canada’s Centre for Cyber Security and the FBI warn of Chinese hackers targeting telecommunications and other companies in Canada.

The post China’s Salt Typhoon Hackers Target Canadian Telecom Firms appeared first on SecurityWeek.

New AI Jailbreak Bypasses Guardrails With Ease

New "Echo Chamber" attack bypasses advanced LLM safeguards by subtly manipulating conversational context, proving highly effective across leading AI models.

The post New AI Jailbreak Bypasses Guardrails With Ease appeared first on SecurityWeek.

Critical Authentication Bypass Flaw Patched in Teleport

A critical-severity vulnerability in Teleport could allow remote attackers to bypass SSH authentication and access managed systems.

The post Critical Authentication Bypass Flaw Patched in Teleport appeared first on SecurityWeek.

743,000 Impacted by McLaren Health Care Data Breach

The personal information of 743,000 individuals was compromised in a 2024 ransomware attack on McLaren Health Care.

The post 743,000 Impacted by McLaren Health Care Data Breach appeared first on SecurityWeek.

Security News – 2025-06-23

Mon Jun 23 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Aflac said that it’s in the early stages of a review of the incident, and so far is unable to determine the total number of affected individuals.

The post Aflac Finds Suspicious Activity on US Network That May Impact Social Security Numbers, Other Data appeared first on SecurityWeek.

In Other News: Viasat Hacked by China, Washington Post Cyberattack, Crowhammer

Noteworthy stories that might have slipped under the radar: China’s Salt Typhoon targeted Viasat, Washington Post emails compromised in hack, Rowhammer attack named Crowhammer.

The post In Other News: Viasat Hacked by China, Washington Post Cyberattack, Crowhammer appeared first on SecurityWeek.

Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider

Cloudflare has blocked yet another record-breaking DDoS attack, which delivered the equivalent of 9,000 HD movies in just 45 seconds.

The post Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider appeared first on SecurityWeek.

Godfather Android Trojan Creates Sandbox on Infected Devices

The Godfather Android trojan uses on-device virtualization to hijack legitimate applications and steal users’ funds.

The post Godfather Android Trojan Creates Sandbox on Infected Devices appeared first on SecurityWeek.

Motors Theme Vulnerability Exploited to Hack WordPress Websites

Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords.

The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.

Security News – 2025-06-22

Sun Jun 22 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Aflac said that it’s in the early stages of a review of the incident, and so far is unable to determine the total number of affected individuals.

The post Aflac Finds Suspicious Activity on US Network That May Impact Social Security Numbers, Other Data appeared first on SecurityWeek.

In Other News: Viasat Hacked by China, Washington Post Cyberattack, Crowhammer

Noteworthy stories that might have slipped under the radar: China’s Salt Typhoon targeted Viasat, Washington Post emails compromised in hack, Rowhammer attack named Crowhammer.

The post In Other News: Viasat Hacked by China, Washington Post Cyberattack, Crowhammer appeared first on SecurityWeek.

Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider

Cloudflare has blocked yet another record-breaking DDoS attack, which delivered the equivalent of 9,000 HD movies in just 45 seconds.

The post Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider appeared first on SecurityWeek.

Godfather Android Trojan Creates Sandbox on Infected Devices

The Godfather Android trojan uses on-device virtualization to hijack legitimate applications and steal users’ funds.

The post Godfather Android Trojan Creates Sandbox on Infected Devices appeared first on SecurityWeek.

Motors Theme Vulnerability Exploited to Hack WordPress Websites

Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords.

The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.

Security News – 2025-06-21

Sat Jun 21 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: Viasat Hacked by China, Washington Post Cyberattack, Crowhammer

Noteworthy stories that might have slipped under the radar: China’s Salt Typhoon targeted Viasat, Washington Post emails compromised in hack, Rowhammer attack named Crowhammer.

The post In Other News: Viasat Hacked by China, Washington Post Cyberattack, Crowhammer appeared first on SecurityWeek.

Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider

Cloudflare has blocked yet another record-breaking DDoS attack, which delivered the equivalent of 9,000 HD movies in just 45 seconds.

The post Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider appeared first on SecurityWeek.

Godfather Android Trojan Creates Sandbox on Infected Devices

The Godfather Android trojan uses on-device virtualization to hijack legitimate applications and steal users’ funds.

The post Godfather Android Trojan Creates Sandbox on Infected Devices appeared first on SecurityWeek.

Motors Theme Vulnerability Exploited to Hack WordPress Websites

Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords.

The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.

FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks

WhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit.

The post FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks appeared first on SecurityWeek.

Security News – 2025-06-20

Fri Jun 20 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War

Israel-linked Predatory Sparrow hackers torched more than $90 million at Iran’s largest cryptobank as Israel-Iran cyberwar escalates.

The post Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War appeared first on SecurityWeek.

New Campaigns Distribute Malware via Open Source Hacking Tools

Trend Micro and ReversingLabs uncovered over 100 GitHub accounts distributing malware embedded in open source hacking tools.

The post New Campaigns Distribute Malware via Open Source Hacking Tools appeared first on SecurityWeek.

Chain IQ, UBS Data Stolen in Ransomware Attack

A ransomware group has claimed the theft of millions of files from procurement service provider Chain IQ and 19 other companies.

The post Chain IQ, UBS Data Stolen in Ransomware Attack appeared first on SecurityWeek.

Encryption Backdoors: The Security Practitioners’ View

After decades of failed attempts to access encrypted communications, governments are shifting from persuasion to coercion—security experts say the risks are too high.

The post Encryption Backdoors: The Security Practitioners’ View appeared first on SecurityWeek.

Krispy Kreme Confirms Data Breach After Ransomware Attack

Krispy Kreme is sending notifications to thousands of people impacted by the data breach that came to light at the end of 2024.

The post Krispy Kreme Confirms Data Breach After Ransomware Attack appeared first on SecurityWeek.

Security News – 2025-06-19

Thu Jun 19 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse

Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords.

The post Russian Hackers Bypass Gmail MFA With App-Specific Password Ruse appeared first on SecurityWeek.

Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection

Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects.

The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek.

Critical Vulnerability Patched in Citrix NetScaler

Citrix has released patches for critical- and high-severity vulnerabilities in NetScaler and Secure Access Client and Workspace for Windows.

The post Critical Vulnerability Patched in Citrix NetScaler appeared first on SecurityWeek.

Linux Security: New Flaws Allow Root Access, CISA Warns of Old Bug Exploitation

Qualys has disclosed two Linux vulnerabilities that can be chained for full root access, and CISA added a flaw to its KEV catalog.

The post Linux Security: New Flaws Allow Root Access, CISA Warns of Old Bug Exploitation appeared first on SecurityWeek.

Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security

Adopting a layered defense strategy that includes human-centric tools and updating security components.

The post Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security appeared first on SecurityWeek.

Security News – 2025-06-18

Wed Jun 18 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack

Researchers identify a previously unknown ClickFix variant exploiting PowerShell and clipboard hijacking to deliver the Lumma infostealer via a compromised travel site.

The post New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack appeared first on SecurityWeek.

Zyxel Firewall Vulnerability Again in Attacker Crosshairs

GreyNoise warns of a spike in exploitation attempts targeting a two-year-old vulnerability in Zyxel firewalls.

The post Zyxel Firewall Vulnerability Again in Attacker Crosshairs appeared first on SecurityWeek.

US Insurance Industry Warned of Scattered Spider Attacks

Google is warning insurance companies that Scattered Spider appears to have shifted its focus from the retail sector.

The post US Insurance Industry Warned of Scattered Spider Attacks appeared first on SecurityWeek.

Circumvent Raises $6 Million for Cloud Security Platform

Cloud security startup Circumvent has raised $6 million to develop a network of agents for autonomous prioritization and remediation.

The post Circumvent Raises $6 Million for Cloud Security Platform appeared first on SecurityWeek.

Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers

CISA warns that a vulnerability impacting multiple discontinued TP-Link router models is exploited in the wild.

The post Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers appeared first on SecurityWeek.

Security News – 2025-06-17

Tue Jun 17 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report

According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market.

The post Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report appeared first on SecurityWeek.

Archetyp Dark Web Market Shut Down by Law Enforcement

The Archetyp Market drug marketplace has been targeted by law enforcement in an operation involving takedowns and arrests.

The post Archetyp Dark Web Market Shut Down by Law Enforcement appeared first on SecurityWeek.

Asheville Eye Associates Says 147,000 Impacted by Data Breach

Asheville Eye Associates says the personal information of 147,000 individuals was stolen in a November 2024 data breach.

The post Asheville Eye Associates Says 147,000 Impacted by Data Breach appeared first on SecurityWeek.

Zoomcar Says Hackers Accessed Data of 8.4 Million Users

The Indian car sharing marketplace Zoomcar learned that its systems were hacked after a threat actor contacted employees.

The post Zoomcar Says Hackers Accessed Data of 8.4 Million Users appeared first on SecurityWeek.

240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco

The KillSec ransomware group has stolen hundreds of gigabytes of data from Ireland-based eyecare technology company Ocuco.

The post 240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco appeared first on SecurityWeek.

Security News – 2025-06-16

Mon Jun 16 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost

Noteworthy stories that might have slipped under the radar: Cloudflare outage not caused by cyberattack, Dutch police identified 126 users of Cracked.io, the Victoria’s Secret cyberattack has cost $10 million.

The post In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost appeared first on SecurityWeek.

TeamFiltration Abused in Entra ID Account Takeover Campaign

Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.

The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.

Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday

Industry professionals comment on the Trump administration’s new executive order on cybersecurity.

The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.

SimpleHelp Vulnerability Exploited Against Utility Billing Software Users

CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.

The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.

Fog Ransomware Attack Employs Unusual Tools

Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41.

The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek.

Security News – 2025-06-15

Sun Jun 15 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost

The post In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost appeared first on SecurityWeek.

TeamFiltration Abused in Entra ID Account Takeover Campaign

Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.

The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.

Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday

Industry professionals comment on the Trump administration’s new executive order on cybersecurity.

The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.

SimpleHelp Vulnerability Exploited Against Utility Billing Software Users

CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.

The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.

Fog Ransomware Attack Employs Unusual Tools

Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41.

The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek.

Security News – 2025-06-14

Sat Jun 14 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost

The post In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost appeared first on SecurityWeek.

TeamFiltration Abused in Entra ID Account Takeover Campaign

Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.

The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.

Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday

Industry professionals comment on the Trump administration’s new executive order on cybersecurity.

The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.

SimpleHelp Vulnerability Exploited Against Utility Billing Software Users

CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.

The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.

Fog Ransomware Attack Employs Unusual Tools

Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41.

The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek.

Security News – 2025-06-13

Fri Jun 13 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones

Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims.

The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on SecurityWeek.

The AI Arms Race: Deepfake Generation vs. Detection

AI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up.

The post The AI Arms Race: Deepfake Generation vs. Detection appeared first on SecurityWeek.

Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior

Hirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data.

The post Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior appeared first on SecurityWeek.

New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches

The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data.

The post New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek.

Webcast Video: Rethinking Endpoint Hardening for Today’s Attack Landscape

Learn how attackers hide in plain sight—and what you can do to stop them without slowing down your business.

The post Webcast Video: Rethinking Endpoint Hardening for Today’s Attack Landscape appeared first on SecurityWeek.

Security News – 2025-06-12

Thu Jun 12 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty

Beyond potentially halting sales of physical goods, breaches can expose customers’ personal data to future phishing or fraud attempts.

The post With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty appeared first on SecurityWeek.

Securonix Acquires Threat Intelligence Firm ThreatQuotient

Cybersecurity heavyweight Securonix acquires ThreatQuotient to boost plans to build an all-in-one security operations stack.

The post Securonix Acquires Threat Intelligence Firm ThreatQuotient appeared first on SecurityWeek.

Maze Banks $25M to Tackle Cloud Security With AI Agents

Maze and its investors are betting on finding profits in software that uses AI-powered agents to automate critical parts of the process.

The post Maze Banks $25M to Tackle Cloud Security With AI Agents appeared first on SecurityWeek.

Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices

Vulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot.

The post Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices appeared first on SecurityWeek.

Webinar Today: Rethinking Endpoint Hardening for Today’s Attack Landscape

Learn how attackers hide in plain sight—and what you can do to stop them without slowing down your business.

The post Webinar Today: Rethinking Endpoint Hardening for Today’s Attack Landscape appeared first on SecurityWeek.

Security News – 2025-06-11

Wed Jun 11 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

How Scammers Are Using AI to Steal College Financial Aid

Fake college enrollments have been surging as crime rings deploy “ghost students” — chatbots that join online classrooms and stay just long enough to collect a financial aid check.

The post How Scammers Are Using AI to Steal College Financial Aid appeared first on SecurityWeek.

Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce

Patch Tuesday: Adobe documents hundreds of bugs across multiple products and warns of code execution, feature bypass risks.

The post Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce appeared first on SecurityWeek.

Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

Redmond warns that external control of a file name or path in WebDAV "allows an unauthorized attacker to execute code over a network."

The post Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’ appeared first on SecurityWeek.

Hackers Stole 300,000 Crash Reports From Texas Department of Transportation

The Texas Department of Transportation has disclosed a data breach impacting the personal information included in 300,000 crash reports.

The post Hackers Stole 300,000 Crash Reports From Texas Department of Transportation appeared first on SecurityWeek.

Swimlane Raises $45 Million for Security Automation Platform

Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation.

The post Swimlane Raises $45 Million for Security Automation Platform appeared first on SecurityWeek.

Security News – 2025-06-10

Tue Jun 10 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Chinese Hackers and User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’

Foreign hackers have increasingly identified smartphones, other mobile devices and the apps they use as a weak link in U.S. cyberdefenses.

The post Chinese Hackers and User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’ appeared first on SecurityWeek.

Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign

Anti-malware vendor said it spent the past twelve months deflecting a stream of network reconnaissance probes from China-nexus threat actors

The post Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign appeared first on SecurityWeek.

Guardz Banks $56M Series B for All-in-One SMB Security

The Israeli company said the Series B raise was led by ClearSky and included equity stakes for new backer Phoenix Financial.

The post Guardz Banks $56M Series B for All-in-One SMB Security appeared first on SecurityWeek.

Mirai Botnets Exploiting Wazuh Security Platform Vulnerability

CVE-2025-24016, a critical remote code execution vulnerability affecting Wazuh servers, has been exploited by Mirai botnets.

The post Mirai Botnets Exploiting Wazuh Security Platform Vulnerability appeared first on SecurityWeek.

React Native Aria Packages Backdoored in Supply Chain Attack

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.

Security News – 2025-06-09

Mon Jun 09 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA

Noteworthy stories that might have slipped under the radar: FBI issues an alert on BadBox 2 botnet, NSO disputing the $168 million WhatsApp fine, 1,000 people left CISA since Trump took office.

The post In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA appeared first on SecurityWeek.

Cybersecurity M&A Roundup: 42 Deals Announced in May 2025

The number of cybersecurity-related merger and acquisition (M&A) announcements surged in May 2025.

The post Cybersecurity M&A Roundup: 42 Deals Announced in May 2025 appeared first on SecurityWeek.

MIND Raises $30 Million for Data Loss Prevention

Data security firm MIND has raised $30 million in Series A funding to expand its R&D and go-to-market teams.

The post MIND Raises $30 Million for Data Loss Prevention appeared first on SecurityWeek.

Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure

A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine.

The post Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure appeared first on SecurityWeek.

Cisco Patches Critical ISE Vulnerability With Public PoC

Cisco has released patches for a critical vulnerability impacting cloud deployments of Identity Services Engine (ISE).

The post Cisco Patches Critical ISE Vulnerability With Public PoC appeared first on SecurityWeek.

Security News – 2025-06-08

Sun Jun 08 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA

Noteworthy stories that might have slipped under the radar: FBI issues an alert on BadBox 2 botnet, NSO disputing the $168 million WhatsApp fine, 1,000 people left CISA since Trump took office.

The post In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA appeared first on SecurityWeek.

Cybersecurity M&A Roundup: 42 Deals Announced in May 2025

The number of cybersecurity-related merger and acquisition (M&A) announcements surged in May 2025.

The post Cybersecurity M&A Roundup: 42 Deals Announced in May 2025 appeared first on SecurityWeek.

MIND Raises $30 Million for Data Loss Prevention

Data security firm MIND has raised $30 million in Series A funding to expand its R&D and go-to-market teams.

The post MIND Raises $30 Million for Data Loss Prevention appeared first on SecurityWeek.

Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure

A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine.

The post Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure appeared first on SecurityWeek.

Cisco Patches Critical ISE Vulnerability With Public PoC

Cisco has released patches for a critical vulnerability impacting cloud deployments of Identity Services Engine (ISE).

The post Cisco Patches Critical ISE Vulnerability With Public PoC appeared first on SecurityWeek.

Security News – 2025-06-07

Sat Jun 07 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA

Noteworthy stories that might have slipped under the radar: FBI issues an alert on BadBox 2 botnet, NSO disputing the $168 million WhatsApp fine, 1,000 people left CISA since Trump took office.

The post In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA appeared first on SecurityWeek.

Cybersecurity M&A Roundup: 42 Deals Announced in May 2025

The number of cybersecurity-related merger and acquisition (M&A) announcements surged in May 2025.

The post Cybersecurity M&A Roundup: 42 Deals Announced in May 2025 appeared first on SecurityWeek.

MIND Raises $30 Million for Data Loss Prevention

Data security firm MIND has raised $30 million in Series A funding to expand its R&D and go-to-market teams.

The post MIND Raises $30 Million for Data Loss Prevention appeared first on SecurityWeek.

Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure

A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine.

The post Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure appeared first on SecurityWeek.

Cisco Patches Critical ISE Vulnerability With Public PoC

Cisco has released patches for a critical vulnerability impacting cloud deployments of Identity Services Engine (ISE).

The post Cisco Patches Critical ISE Vulnerability With Public PoC appeared first on SecurityWeek.

Security News – 2025-06-06

Fri Jun 06 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Misconfigured HMIs Expose US Water Systems to Anyone With a Browser

Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.

The post Misconfigured HMIs Expose US Water Systems to Anyone With a Browser appeared first on SecurityWeek.

Backdoored Open Source Malware Repositories Target Novice Cybercriminals

A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters.

The post Backdoored Open Source Malware Repositories Target Novice Cybercriminals appeared first on SecurityWeek.

Controversial Firms Cellebrite and Corellium Announce $200 Million Acquisition Deal

Cellebrite and Corellium, whose names have been mentioned in spyware stories, are joining forces to provide advanced investigative solutions.

The post Controversial Firms Cellebrite and Corellium Announce $200 Million Acquisition Deal appeared first on SecurityWeek.

Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison

Sagar Steven Singh and Nicholas Ceraolo, members of the Vile group, get prison sentences for identity theft and hacking.

The post Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison appeared first on SecurityWeek.

ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware

Researchers have discovered and analyzed a ClickFix attack that uses a fake Cloudflare ‘humanness’ check.

The post ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware appeared first on SecurityWeek.

Security News – 2025-06-05

Thu Jun 05 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Google Warns of Vishing, Extortion Campaign Targeting Salesforce Customers

A financially motivated threat actor employing vishing to compromise Salesforce customers, and extort them.

The post Google Warns of Vishing, Extortion Campaign Targeting Salesforce Customers appeared first on SecurityWeek.

AI is transforming the cybersecurity landscape—empowering attackers with powerful new tools while offering defenders a chance to fight back. But without stronger awareness and strategy, organizations risk falling behind.

The post Going Into the Deep End: Social Engineering and the AI Flood appeared first on SecurityWeek.

Compyl Raises $12 Million for GRC Platform

Compyl has raised $12 million in a Series A funding round that will be invested in go-to-market initiatives, hirings, and GRC platform expansion.

The post Compyl Raises $12 Million for GRC Platform appeared first on SecurityWeek.

Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift

Industrial giant Honeywell has published its 2025 Cybersecurity Threat Report with information on the latest trends.

The post Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift appeared first on SecurityWeek.

Webinar Today: Redefining Vulnerability Management With Exposure Validation

Learn why your security controls matter more than theoretical risk scores and how exposure validation helps slash massive patch lists down to the few vulnerabilities that truly demand action.

The post Webinar Today: Redefining Vulnerability Management With Exposure Validation appeared first on SecurityWeek.

Security News – 2025-06-04

Wed Jun 04 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Trustifi Raises $25 Million for AI-Powered Email Security

Trustifi has raised $25 million in Series A funding to accelerate its product roadmap and go-to-market initiatives.

The post Trustifi Raises $25 Million for AI-Powered Email Security appeared first on SecurityWeek.

The UK Brings Cyberwarfare Out of the Closet

The UK’s 2025 Strategic Defence Review outlines a unified approach to modern warfare, integrating cyber, AI, and electromagnetic capabilities across military domains.

The post The UK Brings Cyberwarfare Out of the Closet appeared first on SecurityWeek.

Mikko Hypponen Leaves Anti-Malware Industry to Fight Against Drones

Mikko Hypponen has joined the Finnish anti-drone company Sensofusion as Chief Research Officer after three decades of fighting malware.

The post Mikko Hypponen Leaves Anti-Malware Industry to Fight Against Drones appeared first on SecurityWeek.

Why Scamming Can’t Be Stopped—But It Can Be Managed

With crime-as-a-service lowering the barrier to entry and prosecution lagging behind, enterprise security teams must rethink their strategies to detect and disrupt scams at scale.

The post Why Scamming Can’t Be Stopped—But It Can Be Managed appeared first on SecurityWeek.

1,000 Instantel Industrial Monitoring Devices Possibly Exposed to Hacking

A critical command execution vulnerability has been found by a researcher in Instantel Micromate monitoring units.

The post 1,000 Instantel Industrial Monitoring Devices Possibly Exposed to Hacking appeared first on SecurityWeek.

Security News – 2025-06-03

Tue Jun 03 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed

Luxury brand Cartier disclosed a data breach in which an unauthorized party gained access to its systems and obtained some client information.

The post Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed appeared first on SecurityWeek.

Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure

Cryptocurrency mining operation hits exposed Consul dashboards, Docker Engine APIs and Gitea code-hosting instances to push Monero miner.

The post Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure appeared first on SecurityWeek.

Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently

Chipmaker says there are indications from Google Threat Analysis Group that a trio of flaws “may be under limited, targeted exploitation.”

The post Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently appeared first on SecurityWeek.

vBulletin Vulnerability Exploited in the Wild

Exploitation of the vBulletin vulnerability tracked as CVE-2025-48827 and CVE-2025-48828 started shortly after disclosure.

The post vBulletin Vulnerability Exploited in the Wild appeared first on SecurityWeek.

Chrome to Distrust Chunghwa Telecom and Netlock Certificates

Patterns of concerning behavior led Google to remove trust in certificates from Chunghwa Telecom and Netlock from Chrome.

The post Chrome to Distrust Chunghwa Telecom and Netlock Certificates appeared first on SecurityWeek.

Security News – 2025-06-02

Mon Jun 02 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns

Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages.

The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek.

US Sanctions Philippine Company for Supporting Crypto Scams

The US Treasury Department US has slapped sanctions on Funnull Technology for providing support to cryptocurrency investment scams.

The post US Sanctions Philippine Company for Supporting Crypto Scams appeared first on SecurityWeek.

Watch Now: Why Context is a Secret Weapon in Application Security Posture Management

Join the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.

The post Watch Now: Why Context is a Secret Weapon in Application Security Posture Management appeared first on SecurityWeek.

Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments

China-linked hackers used a compromised government site to target other government entities with the ToughProgress malware that uses an attacker-controlled Google Calendar for C&C.

The post Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments appeared first on SecurityWeek.

MITRE Publishes Post-Quantum Cryptography Migration Roadmap

The roadmap provides an overview of four key stages of the migration process, namely preparation, baseline understanding, planning and execution, and monitoring and evaluation.

The post MITRE Publishes Post-Quantum Cryptography Migration Roadmap appeared first on SecurityWeek.

Security News – 2025-06-01

Sun Jun 01 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns

Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages.

The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek.

US Sanctions Philippine Company for Supporting Crypto Scams

The US Treasury Department US has slapped sanctions on Funnull Technology for providing support to cryptocurrency investment scams.

The post US Sanctions Philippine Company for Supporting Crypto Scams appeared first on SecurityWeek.

Watch Now: Why Context is a Secret Weapon in Application Security Posture Management

Join the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.

The post Watch Now: Why Context is a Secret Weapon in Application Security Posture Management appeared first on SecurityWeek.

Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments

China-linked hackers used a compromised government site to target other government entities with the ToughProgress malware that uses an attacker-controlled Google Calendar for C&C.

The post Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments appeared first on SecurityWeek.

MITRE Publishes Post-Quantum Cryptography Migration Roadmap

The roadmap provides an overview of four key stages of the migration process, namely preparation, baseline understanding, planning and execution, and monitoring and evaluation.

The post MITRE Publishes Post-Quantum Cryptography Migration Roadmap appeared first on SecurityWeek.

Security News – 2025-05-31

Sat May 31 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns

Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages.

The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek.

US Sanctions Philippine Company for Supporting Crypto Scams

The US Treasury Department US has slapped sanctions on Funnull Technology for providing support to cryptocurrency investment scams.

The post US Sanctions Philippine Company for Supporting Crypto Scams appeared first on SecurityWeek.

Watch Now: Why Context is a Secret Weapon in Application Security Posture Management

Join the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.

The post Watch Now: Why Context is a Secret Weapon in Application Security Posture Management appeared first on SecurityWeek.

Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments

China-linked hackers used a compromised government site to target other government entities with the ToughProgress malware that uses an attacker-controlled Google Calendar for C&C.

The post Chinese Hacking Group APT41 Exploits Google Calendar to Target Governments appeared first on SecurityWeek.

MITRE Publishes Post-Quantum Cryptography Migration Roadmap

The roadmap provides an overview of four key stages of the migration process, namely preparation, baseline understanding, planning and execution, and monitoring and evaluation.

The post MITRE Publishes Post-Quantum Cryptography Migration Roadmap appeared first on SecurityWeek.

Security News – 2025-05-30

Fri May 30 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Chinese Hacking Group ‘Earth Lamia’ Targets Multiple Industries

Active since at least 2023, the hacking group has been targeting the financial, government, IT, logistics, retail, and education sectors.

The post Chinese Hacking Group ‘Earth Lamia’ Targets Multiple Industries appeared first on SecurityWeek.

Unbound Raises $4 Million to Secure Gen-AI Adoption

Security startup Unbound has raised $4 million in funding to help organizations adopt generative-AI tools securely and responsibly.

The post Unbound Raises $4 Million to Secure Gen-AI Adoption appeared first on SecurityWeek.

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability

Professional hackers have built a network of ASUS routers that can survive firmware upgrades, factory reboots and most anti-malware scans.

The post GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability appeared first on SecurityWeek.

Victoria’s Secret Website Taken Offline After Cyberattack

Website remains offline following suspected cyber incident, as experts warn of escalating threats targeting major retailers

The post Victoria’s Secret Website Taken Offline After Cyberattack appeared first on SecurityWeek.

Adidas Data Breach Linked to Third-Party Vendor

Adidas said hackers accessed a “third-party customer service provider” and stole customer information.

The post Adidas Data Breach Linked to Third-Party Vendor appeared first on SecurityWeek.

Security News – 2025-05-29

Thu May 29 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Victoria’s Secret Website Taken Offline After Cyberattack

Website remains offline following suspected cyber incident, as experts warn of escalating threats targeting major retailers

The post Victoria’s Secret Website Taken Offline After Cyberattack appeared first on SecurityWeek.

Adidas Data Breach Linked to Third-Party Vendor

Adidas said hackers accessed a “third-party customer service provider” and stole customer information.

The post Adidas Data Breach Linked to Third-Party Vendor appeared first on SecurityWeek.

Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management

Join the live webinar to understand why data in itself is not enough to make informed decisions for prioritization.

The post Webinar Today: Why Context is a Secret Weapon in Application Security Posture Management appeared first on SecurityWeek.

Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025

Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake.

The post Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025 appeared first on SecurityWeek.

MATLAB Maker MathWorks Recovering From Ransomware Attack

The incident impacted multiple web and mobile applications, licensing services, downloads and online store, website, wiki, MathWorks accounts, and other services.

The post MATLAB Maker MathWorks Recovering From Ransomware Attack appeared first on SecurityWeek.

Security News – 2025-05-28

Wed May 28 2025 00:00:00 GMT+0000 (Coordinated Universal Time)