Latest Cybersecurity News and Articles
20 March 2025
A recent Menlo Security report identifies key drivers behind the rise in browser-based attacks, including AI, PhaaS and zero-day vulnerabilities.
20 March 2025
Veeam has released patches for a critical-severity remote code execution vulnerability in Backup & Replication.
The post Veeam Patches Critical Vulnerability in Backup & Replication appeared first on SecurityWeek.
20 March 2025
Pennsylvania State Education Association says the personal information of over 500,000 individuals was stolen in a data breach.
The post 500,000 Impacted by Pennsylvania Teachers Union Data Breach appeared first on SecurityWeek.
20 March 2025
SANS is seeing attempts to exploit two critical Cisco Smart Licensing Utility vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440.
The post Hackers Target Cisco Smart Licensing Utility Vulnerabilities appeared first on SecurityWeek.
20 March 2025
Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity
20 March 2025
Amazon is ending a little-used privacy feature that let some users of its Echo smart speaker prevent their voice commands from going to the company’s cloud.
The post Amazon Ends Little-Used Privacy Feature That Let Echo Users Opt Out of Sending Recordings to Company appeared first on SecurityWeek.
20 March 2025
The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab.
Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications
20 March 2025
Over 300 malicious applications displaying intrusive full-screen interstitial video ads amassed more than 60 million downloads on Google Play.
The post 300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads appeared first on SecurityWeek.
20 March 2025
Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security challenges
20 March 2025
Attacks with Paragon’s Graphite spyware used a WhatsApp zero-day that could be exploited without any user interaction.
The post Paragon Spyware Attacks Exploited WhatsApp Zero-Day appeared first on SecurityWeek.
20 March 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to
20 March 2025
A phishing campaign is leveraging Microsoft 365 infrastructure for attacks.
20 March 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat).
The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the Defense Forces of Ukraine.
The activity involves
19 March 2025
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment -- presumably with the password needed to view the file included in the body of the email.
19 March 2025
Orion protects against data exfiltration by using AI to compare actual data flows against permitted and expected data flows.
The post Orion Security Raises $6 Million to Tackle Insider Threats and Data Leaks with AI-Driven DLP appeared first on SecurityWeek.
19 March 2025
A new report assesses the cybersecurity posture of the education sector.
19 March 2025
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT.
The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code.
Cybersecurity company
19 March 2025
Defending high profile sporting events from adversarial attacks requires a mix of experienced capabilities and a solid threat intelligence program.
The post March Madness Requires Vigilance on Both an Individual and Corporate Level appeared first on SecurityWeek.
19 March 2025
News analysis: Google positions itself to compete with Microsoft for enterprise security dollars. How does this deal affect the startup ecosystem?
The post What’s Behind Google’s $32 Billion Wiz Acquisition? appeared first on SecurityWeek.
19 March 2025
Infosys McCamish System has agreed to pay $17.5 million to settle six class action lawsuits filed over a 2023 data breach.
The post Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach appeared first on SecurityWeek.