Latest Cybersecurity News and Articles


Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools

06 August 2025
Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system "automates what is considered the gold

Black Hat USA 2025 – Summary of Vendor Announcements (Part 2)

06 August 2025
Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 2) appeared first on SecurityWeek.

Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC

06 August 2025
Adobe has released urgent security updates to resolve two AEM Forms vulnerabilities for which proof-of-concept (PoC) code exists. The post Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC appeared first on SecurityWeek.

Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems

06 August 2025
Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws. "A vulnerability in Trend Micro

CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures

06 August 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country. The attacks, which leverage phishing emails as an initial compromise vector, are used to deliver malware families like MATCHBOIL, MATCHWOK, and

AI Is Transforming Cybersecurity Adversarial Testing - Pentera Founder’s Vision

06 August 2025
When Technology Resets the Playing Field In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise customers and thousands of users, that vision has proven itself. But I also know that what we’ve built so far is only

CISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation Reports

06 August 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and 2022, are listed below - CVE-2020-25078 (CVSS score: 7.5) - An unspecified vulnerability in D-Link

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

05 August 2025
A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the way it did over the past year, according to new findings from Guardio Labs. "Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web

Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware

05 August 2025
Microsoft has unveiled Project Ire, a prototype autonomous AI agent that can analyze any software file to determine if it’s malicious. The post Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware appeared first on SecurityWeek.

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

05 August 2025
Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025. CVE-2025-21479

Cisco Says User Data Stolen in CRM Hack

05 August 2025
Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers. The post Cisco Says User Data Stolen in CRM Hack appeared first on SecurityWeek.

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval

05 August 2025
Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications to Model

Black Hat USA 2025 – Summary of Vendor Announcements (Part 1)

05 August 2025
Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 1) appeared first on SecurityWeek.

Vibe Coding: When Everyone’s a Developer, Who Secures the Code?

05 August 2025
As AI makes software development accessible to all, security teams face a new challenge: protecting applications built by non-developers at unprecedented speed and scale. The post Vibe Coding: When Everyone’s a Developer, Who Secures the Code? appeared first on SecurityWeek.

Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks

05 August 2025
In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure. This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer

Approov Raises $6.7 Million for Mobile App Security

05 August 2025
Approov has raised $6.7 million in Series A funding to advance its mobile application and API security solutions. The post Approov Raises $6.7 Million for Mobile App Security appeared first on SecurityWeek.

How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents

05 August 2025
Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need to catch real attacks before they cause damage.  Here’s how

Android’s August 2025 Update Patches Exploited Qualcomm Vulnerability

05 August 2025
Android’s light August 2025 security update resolves an Adreno GPU vulnerability confirmed as exploited in June. The post Android’s August 2025 Update Patches Exploited Qualcomm Vulnerability appeared first on SecurityWeek.

Microsoft Offers $5 Million at Zero Day Quest Hacking Contest

05 August 2025
Research demonstrating high-impact cloud and AI security flaws will be rewarded at Microsoft’s Zero Day Quest competition in spring 2026. The post Microsoft Offers $5 Million at Zero Day Quest Hacking Contest appeared first on SecurityWeek.

SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation

05 August 2025
Threat actors might be exploiting a zero-day vulnerability in SonicWall firewalls in a fresh wave of ransomware attacks. The post SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation appeared first on SecurityWeek.