Home
Products & Services
Technology
Medical
Security
Home
Products & Services
Technology
Medical
Security
Security
Updates
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools. "In the case of LastPass, the fraudulent rep
20-09-2025 12:37
Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell
Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware with that bakes in Large Language Model (LLM) capabilities. The malware has been codenamed MalTerminal by SentinelOne SentinelLABS research team. T
20-09-2025 11:18
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action. The new class of attack has been coden
20-09-2025 11:01
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn.
19-09-2025 21:36
Scattered Spider Hackers Charged in Connection With Transport for London Attack
Victims collectively paid more than $115 million in ransomware payments, law enforcement said. The post appeared first on .
19-09-2025 21:16
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers
A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the Black Lotus Labs team at Lumen Technologies. "REM Proxy is a sizeable network, which also market
19-09-2025 19:56
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as CVE-2025-10035, carries a CVSS score of 10.0, indicating m
19-09-2025 19:42
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge
The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. "Phishing-as-a-Service (PhaaS) deployments have risen significantly recently," Netcraft
19-09-2025 19:32
How To Automate Alert Triage With AI Agents and Confluence SOPs Using Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition
19-09-2025 16:30
In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias
Noteworthy stories that might have slipped under the radar: Eve Security seed funding, Claroty report, patches from WatchGuard and Nokia. The post appeared first on .
19-09-2025 14:27
Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine
Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin a
19-09-2025 13:54
Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions
Turla malware was deployed in February on select systems that Gamaredon had compromised in January. The post appeared first on .
19-09-2025 13:36
U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack
Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city's public transportat
19-09-2025 12:35
CISA Analyzes Malware From Ivanti EPMM Intrusions
Hackers chained two Ivanti EPMM vulnerabilities to collect system information, dump credentials, and execute malware. The post appeared first on .
19-09-2025 11:19
ChatGPT Tricked Into Solving CAPTCHAs
The AI agent was able to solve different types of CAPTCHAs and adjusted its cursor movements to better mimic human behavior. The post appeared first on .
19-09-2025 11:12
Netskope Raises Over $908 Million in IPO
Netskope has debuted on Nasdaq and its shares soared more than 18%, bringing the company’s value to $8.6 billion. The post appeared first on .
19-09-2025 10:36
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile
19-09-2025 09:40
Two Scattered Spider Suspects Arrested in UK; One Charged in US
Thalha Jubair and Owen Flowers were charged in the UK and the US with hacking critical infrastructure organizations. The post appeared first on .
19-09-2025 09:27
Unpatched Vulnerabilities Expose Novakon HMIs to Remote Hacking
Novakon HMIs are affected by remote code execution and information exposure vulnerabilities. The post appeared first on .
19-09-2025 07:53
SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers
SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts. The company said it recently detected suspicious activity targeting the cloud backup serv
18-09-2025 19:42
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RA
18-09-2025 18:26
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. "SilentSync is capable of remote command executio
18-09-2025 17:08
How CISOs Can Drive Effective AI Governance
AI’s growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to any emerging technology, governance is hard – but effective governance is even hard
18-09-2025 17:00
ChatGPT Targeted in Server-Side Data Theft Attack
OpenAI has fixed this zero-click attack method called by researchers ShadowLeak. The post appeared first on .
18-09-2025 14:30
Watch Now: Attack Surface Management Summit – All Sessions Available
Videos from SecurityWeek's Attack Surface Management Virtual Summit are now available to watch on demand. The post appeared first on .
18-09-2025 12:21
Tiffany Data Breach Impacts Thousands of Customers
The high-end jewelry retailer is informing customers in the United States and Canada that hackers accessed information related to gift cards. The post appeared first on .
18-09-2025 11:48
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in question is CVE-2025-10585, which has been described as a t
18-09-2025 11:19
Threat Actor Infests Hotels With New RAT
RevengeHotels has been targeting hotels in Brazil and Spanish-speaking regions with VenomRAT implants in 2025. The post appeared first on .
18-09-2025 11:17
SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations
The company sent a new preferences file to less than 5% of customers, urging them to import it into firewalls and reset their passwords. The post appeared first on .
18-09-2025 09:41
Small businesses, big targets: Protecting your business against ransomware
Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises
18-09-2025 09:00
Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard
The BianLian ransomware group took credit for the cyberattack on the healthcare organization in January 2025. The post appeared first on .
18-09-2025 08:38
Israeli Cyber Fund Glilot Capital Raises $500 Million
The top-performing venture fund heavily invests in startups building cybersecurity, AI, and enterprise software. The post appeared first on .
18-09-2025 08:11
Chrome 140 Update Patches Sixth Zero-Day of 2025
An exploited type confusion in the V8 JavaScript engine tracked as CVE-2025-10585 was found by Google Threat Analysis Group this week. The post appeared first on .
18-09-2025 07:54
Break Into Cybersecurity with 38 Hours of Training — Now Less Than $25 for Life
Build job-ready cybersecurity skills with 38 hours of self-paced training from this lifetime bundle. The post appeared first on .
18-09-2025 07:40
Insight Partners Confirms Data Breach Result of Ransomware Attack
Venture capital firm Insight Partners says the data breach disclosed in February 2025 impacts over 12,000 people. The post appeared first on .
18-09-2025 07:31
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets. Russian cybersecurity vendor Kaspersky is tracking the a
18-09-2025 00:00
From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience
Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum c
17-09-2025 18:26
Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts
A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. "In this activity, the group masqueraded as the
17-09-2025 18:26
Apple Releases iOS 26, macOS Tahoe 26 and 50+ Security Fixes
Apple just fixed more than 50 security flaws across iPhone, iPad, Mac, Watch, TV, and Vision Pro. The post appeared first on .
17-09-2025 17:29
Rethinking AI Data Security: A Buyer's Guide
Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze,
17-09-2025 16:33
Virtual Event Today: Attack Surface Management Summit
SecurityWeek's Attack Surface Management Virtual Summit is now LIVE and runs today from 11AM – 4PM ET. The post appeared first on .
17-09-2025 14:47
Irregular Raises $80 Million for AI Security Testing Lab
Irregular is testing the cybersecurity capabilities of AI models, including Anthropic’s Claude and OpenAI’s ChatGPT. The post appeared first on .
17-09-2025 14:22
Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims
Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going "dark." Threat intelligence firm ReliaQuest said it has ob
17-09-2025 14:19
RegScale Raises $30 Million for GRC Platform
RegScale has raised a total of more than $50 million, with the latest investment being used to enhance its platform and expand. The post appeared first on .
17-09-2025 13:39
Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker
The campaign targeted US government, think tank, and academic entities involved in US-China relations, international trade, and economic policy. The post appeared first on .
17-09-2025 12:59
BreachForums Owner Sent to Prison in Resentencing
Conor Fitzpatrick, who pleaded guilty in July 2023, was sentenced last year to time served and supervised release. The post appeared first on .
17-09-2025 12:13
Scalekit Raises $5.5 Million to Secure AI Agent Authentication
The startup provides an authentication stack that secures both incoming authentication and outgoing agent actions. The post appeared first on .
17-09-2025 12:03
DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM
The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM). Conor Brian Fitzp
17-09-2025 11:50
Decade-Old Pixie Dust Wi-Fi Hack Still Impacts Many Devices
NetRise has identified 20 device models from six vendors that are still vulnerable to Pixie Dust attacks. The post appeared first on .
17-09-2025 11:12
RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains
Microsoft's Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Mic
17-09-2025 10:01
Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit
The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public. The post appeared first on .
17-09-2025 09:09
RaccoonO365 Phishing Service Disrupted, Leader Identified
Microsoft and Cloudflare have teamed up to take down the infrastructure used by RaccoonO365. The post appeared first on .
17-09-2025 08:45
CrowdStrike to Acquire Pangea to Launch AI Detection and Response (AIDR)
Acquisition extends CrowdStrike’s Falcon platform into AI security, introducing AI Detection and Response (AIDR) to protect enterprise models, agents, and applications across the full AI lifecycle. The post appeared first on .
16-09-2025 22:26
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. "Attackers need only minimal in-cluster network access to exploi
16-09-2025 21:53
SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. "These apps deliver their fraud payload using steganography and create hidden WebVie
16-09-2025 19:49
Check Point to Acquire AI Security Firm Lakera
Move highlights rising demand for AI-native security as enterprises face new risks from generative models and autonomous agents The post appeared first on .
16-09-2025 18:47
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. "The observed campaign uses a highly convincing, multilingual phishing site (e
16-09-2025 18:03
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result
16-09-2025 16:36
Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane
AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the
16-09-2025 16:30
Security Analytics Firm Vega Emerges From Stealth With $65M in Funding
Vega provides security analytics and operations solutions designed to help organizations detect and respond to threats. The post appeared first on .
16-09-2025 14:05
Ray Security Emerges From Stealth With $11M to Bring Real-Time, AI-Driven Data Protection
Tel Aviv, Israel-based Ray Security emerged from stealth with $11 million seed funding and a desire to change the way corporate data is protected. The funding was co-led by Venture Guides and Ibex Investors. The post appeared first on .
16-09-2025 13:45
Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-
16-09-2025 12:57
Security Industry Skeptical of Scattered Spider-ShinyHunters Retirement Claims
The notorious cybercrime groups claim they are going dark, but experts believe they will continue their activities. The post appeared first on .
16-09-2025 12:42
HybridPetya: The Petya/NotPetya copycat comes with a twist
HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality
16-09-2025 11:33
Neon Cyber Emerges from Stealth, Shining a Light into the Browser
Neon Cyber argues that phishing, social engineering, and insider threats demand protections that follow users into the browser, where most attacks now begin. The post appeared first on .
16-09-2025 11:30
Rowhammer Attack Demonstrated Against DDR5
Researchers devise Phoenix, a new Rowhammer attack that achieves root on DDR5 systems in less than two minutes. The post appeared first on .
16-09-2025 11:28
ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails
Researchers show how a crafted calendar invite can trigger ChatGPT to exfiltrate sensitive emails. The post appeared first on .
16-09-2025 10:51
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function (NpmModule.updatePackage) tha
16-09-2025 10:30
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function (NpmModule.updatePackage) tha
16-09-2025 10:30
Fraud Prevention Company SEON Raises $80 Million in Series C Funding
The company will invest in its AI and real-time detection platform, in global expansion, and in strategic partnerships. The post appeared first on .
16-09-2025 10:00
Apple Rolls Out iOS 26, macOS Tahoe 26 With Patches for Over 50 Vulnerabilities
Apple has announced major mobile and desktop platform releases and addressed an exploited bug in older platforms. The post appeared first on .
16-09-2025 08:44
Endpoint Security Firm Remedio Raises $65 Million in First Funding Round
The bootstrapped company will invest in an AI-powered unified enterprise platform combining configuration, compliance, patching, and vulnerability management. The post appeared first on .
16-09-2025 08:29
Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. "The worm only executes on devices with Thailand-based IP addresses a
16-09-2025 00:15
689,000 Affected by Insider Breach at FinWise Bank
A former FinWise employee gained access to American First Finance customer information. The post appeared first on .
15-09-2025 18:02
Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle
Fifteen years after its debut, Zero Trust remains the gold standard in cybersecurity theory — but its uneven implementation leaves organizations both stronger and dangerously exposed. The post appeared first on .
15-09-2025 18:02
6 Browser-Based Attacks Security Teams Need to Prepare For Right Now
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective. What is a browser-based attack? First, it’
15-09-2025 17:25
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO’s real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationship
15-09-2025 16:52
Skip Geo-Blocks, Not Security with This Lifetime $50 DNS & VPN
Unlock 500+ channels and secure your browsing with Getflix Smart DNS & VPN lifetime access — a 66% savings.
15-09-2025 15:08
Silent Push Raises $10 Million for Threat Intelligence Platform
Silent Push, which provides Indicators of Future Attack, has raised a total of $32 million in funding. The post appeared first on .
15-09-2025 14:45
Terra Security Raises $30 Million for AI Penetration Testing Platform
The Israeli cybersecurity startup plans to expand its offensive security offering to cover more enterprise attack surface. The post appeared first on .
15-09-2025 13:23
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for ma
15-09-2025 12:42
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. "The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely
15-09-2025 11:17
FBI Shares IoCs for Recent Salesforce Intrusion Campaigns
The cybercrime groups tracked as UNC6040 and UNC6395 have been extorting organizations after stealing data from their Salesforce instances. The post appeared first on .
15-09-2025 11:16
Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway
In April, Rhode Island resident Navah Hopkins received a plea for her help to defeat legislation thousands of miles away in California. The ask came from Google, maker of the world’s most used web browser, Chrome. The tech giant sent a message to an emai
15-09-2025 10:55
West Virginia Credit Union Notifying 187,000 People Impacted by 2023 Data Breach
Two years after the fact, Fairmont Federal Credit Union tells customers their personal, financial, and medical information was compromised. The post appeared first on .
15-09-2025 09:45
Samsung Patches Zero-Day Exploited Against Android Users
Reported by Meta and WhatsApp, the vulnerability leads to remote code execution and was likely exploited by a spyware vendor. The post appeared first on .
15-09-2025 08:08
FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. "Both groups hav
13-09-2025 14:34
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that cou
12-09-2025 20:46
Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year th
12-09-2025 20:19
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit
Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (U
12-09-2025 17:20
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog,
12-09-2025 16:33
In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research
Noteworthy stories that might have slipped under the radar: Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill. The post appeared first on .
12-09-2025 14:26
Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage
The security landscape for cloud-native applications is undergoing a profound transformation. Containers, Kubernetes, and serverless technologies are now the default for modern enterprises, accelerating delivery but also expanding the attack surface in w
12-09-2025 13:30
DELMIA Factory Software Vulnerability Exploited in Attacks
A deserialization of untrusted data in the MOM software allows attackers to achieve remote code execution. The post appeared first on .
12-09-2025 12:55
Apple Sends Fresh Wave of Spyware Notifications to French Users
Apple this year sent at least four rounds of notifications to French users potentially targeted by commercial spyware. The post appeared first on .
12-09-2025 12:03
F5 to Acquire CalypsoAI for $180 Million
F5 is buying CalypsoAI for its adaptive AI inference security solutions, which will be integrated into its Application Delivery and Security Platform. The post appeared first on .
12-09-2025 11:22
CISA: CVE Program to Focus on Vulnerability Data Quality
CISA says it is time for the CVE Program to focus on improving trust, responsiveness, and the caliber of vulnerability data. The post appeared first on .
12-09-2025 10:53
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-bo
12-09-2025 10:19
VMScape: Academics Break Cloud Isolation With New Spectre Attack
Exploiting incomplete speculative execution attack mitigations extended to the branch predictor state, VMScape leaks arbitrary memory. The post appeared first on .
12-09-2025 09:49
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal
12-09-2025 09:00
source : hackernews, securityweek, techrepublicsecurity, welivesecurity