Latest Cybersecurity News and Articles
25 March 2025
Charm Security has emerged from stealth mode with $8 million in funding for AI-powered scams and social engineering prevention.
The post Charm Security Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek.
25 March 2025
Email-related data breach suffered by wheelchair and other mobility equipment provider Numotion affects almost 500,000 individuals.
The post Numotion Data Breach Impacts Nearly 500,000 People appeared first on SecurityWeek.
25 March 2025
Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access.
The post Chinese APT Weaver Ant Targeting Telecom Providers in Asia appeared first on SecurityWeek.
25 March 2025
A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia.
The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not
25 March 2025
Threats themselves change very little, but the tactics used are continually revised to maximize the criminals’ return on investment and effort.
The post Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs appeared first on SecurityWeek.
25 March 2025
Frank Trezza is fairly typical of most hackers. Early pranks sometimes leading to something more serious.
The post Hacker Conversations: Frank Trezza – From Phreaker to Pentester appeared first on SecurityWeek.
25 March 2025
Organizations now use an average of 112 SaaS applications—a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that’s just one major SaaS provider.
25 March 2025
Authorities in seven African countries arrested 300 suspects in an international crackdown on cybercriminal networks targeting businesses.
The post 300 Arrested in Crackdown on Cybercrime Rings in Africa appeared first on SecurityWeek.
25 March 2025
Critical remote code execution vulnerabilities found by Wiz researchers in Ingress NGINX Controller for Kubernetes.
The post IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking appeared first on SecurityWeek.
25 March 2025
Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users.
"These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said.
.NET
25 March 2025
Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025.
The coordinated effort "aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it
25 March 2025
Although there has been a reduction in rooted and jailbroken devices, these devices are still a security concern for users and enterprises.
24 March 2025
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet.
The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of
24 March 2025
Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser.
The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to
24 March 2025
The effects of the backlog is already being felt in vulnerability management circles where NVD data promises an enriched source of truth.
The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek.
24 March 2025
Oracle has denied that Cloud systems have been breached after a hacker claimed to have stolen millions of records.
The post Oracle Denies Cloud Breach After Hacker Offers to Sell Data appeared first on SecurityWeek.
24 March 2025
A Russian exploit acquisition firm is offering up to $4 million for a full-chain exploit targeting messaging service Telegram.
The post Russian Firm Offers $4 Million for Telegram Exploits appeared first on SecurityWeek.
24 March 2025
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025.
"The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said in a report published over the weekend
24 March 2025
Understand whether BAS, Automated Penetration Testing, or the combined approach of Adversarial Exposure Validation (AEV) aligns best with your organization’s unique security needs.
The post Webinar Tomorrow: Which Security Testing Approach is Right for You? appeared first on SecurityWeek.
24 March 2025
The Pennsylvania State Education Association announced a data breach impacting the private personal information of 501,183 education professionals.