Latest Cybersecurity News and Articles
26 February 2025
A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale.
Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,
26 February 2025
Threat Intelligence firm Kela warns of a new ransomware group called Anubis operating as a RaaS service with an extensive array of options for affiliates.
The post New Anubis Ransomware Could Pose Major Threat to Organizations appeared first on SecurityWeek.
26 February 2025
API security challenges are ongoing, with 99% reporting API security issues in the past 12 months.
26 February 2025
More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members.
The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an
26 February 2025
Richard Bird has been appointed CSO at Singulr AI. Bird will play a critical role in helping develop practices that keep pace with emerging threats.
26 February 2025
New Linux malware named Auto-Color, which allows full remote access to compromised devices, targets North America and Asia.
The post New ‘Auto-Color’ Linux Malware Targets North America, Asia appeared first on SecurityWeek.
26 February 2025
SecurityWeek's 2025 Ransomware Resilience & Recovery Summit takes place today, February 26th, as a fully immersive virtual event.
The post Virtual Event Today: Ransomware Resilience & Recovery Summit appeared first on SecurityWeek.
26 February 2025
The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects.
The post OpenSSF Releases Security Baseline for Open Source Projects appeared first on SecurityWeek.
26 February 2025
Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it’s clear this isn’t just a human problem—it’s a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution. Many refer to it as SOC 3.0—an
26 February 2025
Qualcomm says it’s working with Google to ensure that Android device manufacturers will be able to provide security updates for 8 years.
The post Qualcomm Extends Security Support for Android Devices to 8 Years appeared first on SecurityWeek.
26 February 2025
Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42.
"Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized
26 February 2025
Background and drug screening giant DISA has revealed that a 2024 data breach impacts more than 3.3 million people.
The post 3.3 Million People Impacted by DISA Data Breach appeared first on SecurityWeek.
26 February 2025
Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques for cracking passwords and how to
26 February 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat (aka DarkCrystal RAT).
The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025. The activity is designed to target the
26 February 2025
Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer.
The package in question is automslc, which has been downloaded over 104,000 times to date. First published in May 2019, it remains available on PyPI as of writing.
"Although automslc, which has been
25 February 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are as follows -
CVE-2024-49035 (CVSS score: 8.7) - An improper access control
25 February 2025
A China-linked botnet powered by 130,000 hacked devices has targeted Microsoft 365 accounts with password spraying attacks.
The post Chinese Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts appeared first on SecurityWeek.
25 February 2025
Dreadnode is building “offensive machine learning” tools to safely simulate how AI models might be exploited in the wild.
The post Offensive AI Startup Dreadnode Secures $14M to Stress-Test AI Systems appeared first on SecurityWeek.
25 February 2025
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram.
LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with an aim to harvest data. It was first documented in
25 February 2025
The sudden shutdown follows the sale of Skybox Security’s business and technology assets to rival Israeli cybersecurity firm Tufin.
The post Skybox Security Shuts Down, Lays off Entire Workforce appeared first on SecurityWeek.