Latest Cybersecurity News and Articles
14 March 2025
Measure the different level of risk inherent to all gen-AI foundational models and use that to fine-tune the operation of in-house AI deployments.
The post New AI Security Tool Helps Organizations Set Trust Zones for Gen-AI Models appeared first on SecurityWeek.
14 March 2025
Cybersecurity leaders share their insights on the state of quantum computing.
14 March 2025
Your guide on how to get through the conference with your sanity, energy, and key performance indicators (KPIs) intact.
The post RSA Conference Playbook: Smart Strategies from Seasoned Attendees appeared first on SecurityWeek.
14 March 2025
Two Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems.
The post New CCA Jailbreak Method Works Against Most AI Models appeared first on SecurityWeek.
14 March 2025
Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment.
Join Joseph Carson, Delinea’s Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how
14 March 2025
Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn’t have to be that way.
Microsegmentation: The Missing Piece in Zero Trust Security
Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no
14 March 2025
The newly discovered SuperBlack ransomware has been exploiting two vulnerabilities in Fortinet firewalls.
The post Recent Fortinet Vulnerabilities Exploited in ‘SuperBlack’ Ransomware Attacks appeared first on SecurityWeek.
14 March 2025
Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk.
Clipper malware is a type of cryware (as coined by Microsoft) that's designed to monitor a victim's clipboard content and facilitate cryptocurrency theft by substituting copied cryptocurrency wallet addresses
14 March 2025
A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77.
The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It's currently not known who is behind the campaign.
The rootkit "has the ability to cloak or mask any file, registry key or task
13 March 2025
A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year.
The post Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 appeared first on SecurityWeek.
13 March 2025
Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.
The post FreeType Zero-Day Being Exploited in the Wild appeared first on SecurityWeek.
13 March 2025
Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs.
The post Cisco Patches 10 Vulnerabilities in IOS XR appeared first on SecurityWeek.
13 March 2025
Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware.
The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud and theft. It's
13 March 2025
Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms.
The post Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign appeared first on SecurityWeek.
13 March 2025
A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering.
The post Microsoft Warns of Hospitality Sector Attacks Involving ClickFix appeared first on SecurityWeek.
13 March 2025
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users.
Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were.
"
13 March 2025
Researchers have analyzed the ability of the Chinese gen-AI DeepSeek to create malware such as ransomware and keyloggers.
The post DeepSeek’s Malware-Generation Capabilities Put to Test appeared first on SecurityWeek.
13 March 2025
The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.
The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on SecurityWeek.
13 March 2025
CISA, FBI, and MS-ISAC warn of Medusa ransomware attacks targeting critical infrastructure organizations.
The post Medusa Ransomware Made 300 Critical Infrastructure Victims appeared first on SecurityWeek.
13 March 2025
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections.
SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allows