Latest Cybersecurity News and Articles
03 March 2025
This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely on can hide risky
03 March 2025
Angel One says client information was compromised in a data breach involving its AWS account.
The post Indian Stock Broker Angel One Discloses Data Breach appeared first on SecurityWeek.
03 March 2025
In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023.
After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year's total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%, from 68 in 2023 to 95
03 March 2025
A massive hoard of internal chats has been leaked from Black Basta, rivalling the Conti leaks of late February 2022.
The post Black Basta Leak Offers Glimpse Into Group’s Inner Workings appeared first on SecurityWeek.
03 March 2025
Explore industry moves and significant changes in the industry for the week of March 3, 2025. Stay updated with the latest industry trends and shifts.
03 March 2025
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d.
The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries. As of February 25, 2025, India has experienced a
02 March 2025
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the expert's testimony may have been pivotal.
01 March 2025
Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad language that appeared to give the company the rights to all information uploaded by users.
The revised Terms of Use now states -
You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It
28 February 2025
Amnesty International publishes technical details on zero-day vulnerabilities exploited by Cellebrite’s mobile forensic tools to spy on a Serbian student activist.
The post Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist appeared first on SecurityWeek.
28 February 2025
One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.
28 February 2025
A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International.
"The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite," the international non-governmental
28 February 2025
The Director of National Intelligence said such a demand would violate Americans’ rights and raise concerns about a foreign government pressuring a U.S.-based technology company.
The post Gabbard Decries Britain’s Reported Demand for Apple to Provide Backdoor Access to Users’ Cloud Data appeared first on SecurityWeek.
28 February 2025
Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today’s work environment.
But here’s the
28 February 2025
Michael R. Centrella has been promoted to Assistant Director of the USSS Office of Field Operations.
28 February 2025
Cybersecurity researchers have uncovered a widespread phishing campaign that uses fake CAPTCHA images shared via PDF documents hosted on Webflow's content delivery network (CDN) to deliver the Lumma stealer malware.
Netskope Threat Labs said it discovered 260 unique domains hosting 5,000 phishing PDF files that redirect victims to malicious websites.
"The attacker uses SEO to trick victims into
28 February 2025
Noteworthy stories that might have slipped under the radar: Krispy Kreme data breach costs $11M, Pwn2Own moves to Berlin, the story of the 2024 Disney hack.
The post In Other News: Krispy Kreme Breach Cost, Pwn2Own Berlin, Disney Hack Story appeared first on SecurityWeek.
28 February 2025
The Qilin ransomware gang claims to have stolen 350 Gb of files from Lee Enterprises in the attack that caused newspaper disruptions.
The post Ransomware Group Takes Credit for Lee Enterprises Attack appeared first on SecurityWeek.
28 February 2025
The Vo1d botnet is now powered by 1.6 million Android TV devices, up from 1.3 million half a year ago.
The post Vo1d Botnet Evolves as It Ensnares 1.6 Million Android TV Boxes appeared first on SecurityWeek.
28 February 2025
In a lawsuit targeting cybercriminals who abuse AI services, Microsoft has named individuals from Iran, the UK, China and Vietnam.
The post Microsoft Names Suspects in Lawsuit Against AI Hackers appeared first on SecurityWeek.
28 February 2025
Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content.
The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft's Azure OpenAI Service. The tech giant is