Latest Cybersecurity News and Articles
18 March 2025
Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion.
"This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today.
It added the acquisition, which is
18 March 2025
ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands.
The post 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft appeared first on SecurityWeek.
18 March 2025
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions.
The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity.
"A local or remote attacker can exploit the vulnerability by accessing the
18 March 2025
Google has confirmed reports that it’s buying cloud security giant Wiz and says it’s prepared to pay $32 billion in cash.
The post Google to Acquire Cloud Security Giant Wiz for $32 Billion in Cash appeared first on SecurityWeek.
18 March 2025
Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks.
"The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with
18 March 2025
Exploit and vulnerability intelligence provider VulnCheck has raised $12 million in a Series A funding round.
The post VulnCheck Raises $12 Million for Vulnerability Intelligence Platform appeared first on SecurityWeek.
18 March 2025
Cloudflare launches Cloudforce Threat Events Feed, a service designed to provide security teams with real-time threat intelligence.
The post New Cloudflare Service Provides Real-Time Threat Intelligence appeared first on SecurityWeek.
18 March 2025
A report found that the top predicted threat for 2025 is ransomware.
18 March 2025
The personal information of 22,000 Western Alliance Bank customers was stolen in a data breach linked to Cl0p’s hacking of the Cleo file transfer tool.
The post Western Alliance Bank Discloses Data Breach Linked to Cleo Hack appeared first on SecurityWeek.
18 March 2025
US representatives and senators have reintroduced a bipartisan bill to support the cybersecurity of small water and wastewater utilities.
The post US Lawmakers Reintroduce Bill to Boost Rural Water Cybersecurity appeared first on SecurityWeek.
18 March 2025
While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts.
Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this
18 March 2025
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL.
The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to kick off in
18 March 2025
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem.
This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in
18 March 2025
A year-old vulnerability in ChatGPT is being exploited against financial entities and US government organizations.
The post ChatGPT Vulnerability Exploited Against US Government Organizations appeared first on SecurityWeek.
18 March 2025
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data.
The malware contains capabilities to "steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored
17 March 2025
Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.
The post Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum appeared first on SecurityWeek.
17 March 2025
First choices for both KEMs and DSAs are already standardized, and organizations should not wait for the backups to be available before migrating to PQC.
The post NIST Announces HQC as Fifth Standardized Post Quantum Algorithm appeared first on SecurityWeek.
17 March 2025
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure.
The vulnerability, tracked as CVE-2025-24813, affects the below versions -
Apache Tomcat 11.0.0-M1 to 11.0.2
Apache Tomcat 10.1.0-M1 to 10.1.34
Apache Tomcat 9.0.0-M1 to 9.0.98
It concerns a
17 March 2025
Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.
The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek.
17 March 2025
Research shows DeepSeek can develop malware — what does this mean for organizations?