Latest Cybersecurity News and Articles
21 August 2025
Apple has rolled out iOS and macOS updates that resolve a zero-day vulnerability exploited in highly targeted attacks.
The post Apple Patches Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.
21 August 2025
A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency thefts.
Noah Michael Urban pleaded guilty to charges related to wire fraud and aggravated identity theft back in April 2025. News of Urban's sentencing was reported by Bloomberg and Jacksonville news
21 August 2025
Research reveals a shift in consumer behavior in regard to data privacy.
21 August 2025
A $50,000 reward from Europol for two members of the Qilin ransomware group is a ‘scam’, according to the law enforcement agency.
The post Europol Says Qilin Ransomware Reward Fake appeared first on SecurityWeek.
21 August 2025
Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild.
The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image.
"Apple is aware of a report that this issue may have been
20 August 2025
A 21-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims.
Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy. Florida prosecutors alleged Urban conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks that diverted their mobile phone calls and text messages to devices controlled by Urban and his co-conspirators.
20 August 2025
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions.
The technique has been dubbed Document Object Model (DOM)-based extension clickjacking by independent security researcher Marek Tóth,
20 August 2025
A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks.
Cisco Talos, which disclosed details of the activity, said the attacks single out organizations in telecommunications, higher education and manufacturing
20 August 2025
According to a report from EisnerAmper, artificial intelligence (AI) is becoming increasingly popular in the workplace.
20 August 2025
Instead of GPT-5 Pro, your query could be quietly redirected to an older, weaker model, opening the door to jailbreaks, hallucinations, and unsafe outputs.
The post GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models appeared first on SecurityWeek.
20 August 2025
By focusing on fundamentals, enterprises can avoid the distraction of hype and build security programs that are consistent, resilient, and effective over the long run.
The post Slow and Steady Security: Lessons from the Tortoise and the Hare appeared first on SecurityWeek.
20 August 2025
Elastic has found no evidence of a vulnerability leading to RCE after details and PoC of a Defend EDR bypass were published online.
The post Elastic Refutes Claims of Zero-Day in EDR Product appeared first on SecurityWeek.
20 August 2025
Cybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page.
Described by Guardio Labs an "AI-era take on the ClickFix scam," the attack technique demonstrates how AI-driven browsers,
20 August 2025
The US Department of Justice has announced the takedown of the RapperBot botnet and charges against its American administrator.
The post RapperBot Botnet Disrupted, American Administrator Indicted appeared first on SecurityWeek.
20 August 2025
Seemplicity announced a Series B funding round that will be used to create AI agents for its exposure management solution.
The post Seemplicity Raises $50 Million for Exposure Management Platform appeared first on SecurityWeek.
20 August 2025
Workday, a human resources organization, has announced it experienced a cybersecurity incident.
20 August 2025
CERT/CC has disclosed the details of information exposure vulnerabilities in a Workhorse Software application after patches were released.
The post Flaws in Software Used by Hundreds of Cities and Towns Exposed Sensitive Data appeared first on SecurityWeek.
20 August 2025
Inotiv has notified the SEC that its business operations took a hit after hackers compromised and encrypted its internal systems.
The post Pharmaceutical Company Inotiv Confirms Ransomware Attack appeared first on SecurityWeek.
20 August 2025
Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risks, along with an increase in their frequency, variety, complexity, severity, and potential business impact.
The real question is, “How do you tackle these rising threats?” The answer lies in having a robust BCDR strategy. However, to build a
20 August 2025
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025.
The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting invites