Latest Cybersecurity News and Articles
13 March 2025
CISA, FBI, and MS-ISAC warn of Medusa ransomware attacks targeting critical infrastructure organizations.
The post Medusa Ransomware Made 300 Critical Infrastructure Victims appeared first on SecurityWeek.
13 March 2025
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections.
SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allows
13 March 2025
Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM.
The post Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution appeared first on SecurityWeek.
13 March 2025
QuamCore’s secret sauce is a patented architecture that will allow the integration of 1 million qubits in a single cryostat.
The post QuamCore Emerges From Stealth With $9 Million to Build a Quantum Computer appeared first on SecurityWeek.
13 March 2025
An article in The Sunday Telegraph outlines guidance and information from the NCSC on actions to take when the cyber threat is heightened.
13 March 2025
As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has become
13 March 2025
Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild.
The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font
13 March 2025
Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate.
"On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said.
"Without updating to Firefox
12 March 2025
Israeli startup in the automated security validation space secures a $60 million round led by Evolution Equity Partners.
The post Security Validation Firm Pentera Banks $60M Series D appeared first on SecurityWeek.
12 March 2025
China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers.
The post Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers appeared first on SecurityWeek.
12 March 2025
360 Privacy has raised $36 million in equity investment to scour the surface and dark web for leaked PII and remove it.
The post 360 Privacy Raises $36 Million for Digital Executive Protection Platform appeared first on SecurityWeek.
12 March 2025
Organizations must recognize that security is not about the number of tools deployed, it is about ensuring those tools effectively disrupt the attack chain at every stage.
The post A Guide to Security Investments: The Anatomy of a Cyberattack appeared first on SecurityWeek.
12 March 2025
Zoom has patched five vulnerabilities in its applications, including four high-severity flaws.
The post Zoom Patches 4 High-Severity Vulnerabilities appeared first on SecurityWeek.
12 March 2025
FTC says reported losses to fraud exceeded $12.5 billion in 2024, with $5.7 billion lost to investment scams.
The post Fraud Losses Reached $12.5 Billion in 2024: FTC appeared first on SecurityWeek.
12 March 2025
Exploiting trust in the DeepSeek brand, scammers attempt to harvest personal information or steal user credentials.
The post Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers appeared first on SecurityWeek.
12 March 2025
The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure.
"The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that
12 March 2025
A joint advisory from the NCSC and international partners details the 15 most commonly exploited vulnerabilities in 2021.
12 March 2025
Organisations should follow NCSC advice and take action to improve their resilience with the cyber threat heightened.
12 March 2025
The NCSC has issued advice to UK organisations following an update from Microsoft on malicious cyber campaigns.
12 March 2025
The NCSC, FBI and DHS have issued a joint Technical Alert about malicious cyber activity carried out by the Russian Government.