Latest Cybersecurity News and Articles


Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware

25 February 2025
Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader. The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed Ghostwriter (aka Moonscape,

Open source software vulnerabilities found in 86% of codebases

25 February 2025
86% of codebases had open source software vulnerabilities while 81% had high- or critical-risk vulnerabilities.

Edera Banks $15M for Kubernetes Workload Isolation Tech

25 February 2025
Seattle startup building technology to mitigate lateral movement and block “living off the land” techniques wins interest from investors. The post Edera Banks $15M for Kubernetes Workload Isolation Tech appeared first on SecurityWeek.

Leader of North Korean Hackers Sanctioned by EU

25 February 2025
The EU has announced new sanctions against entities aiding Russia’s war against Ukraine, including an individual who leads North Korean hackers. The post Leader of North Korean Hackers Sanctioned by EU appeared first on SecurityWeek.

John Carse hired as Field CISO at SquareX

25 February 2025
John Carse has been hired as Field Chief Information Security Officer (CISO) at SquareX. Carse has over two decades of cybersecurity experience.

Nine Threat Groups Active in OT Operations in 2024: Dragos

25 February 2025
Dragos has published its 2025 OT/ICS Cybersecurity Report, which provides information on the threats and trends observed in 2024. The post Nine Threat Groups Active in OT Operations in 2024: Dragos appeared first on SecurityWeek.

CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability

25 February 2025
CISA has added CVE-2024-20953, an Oracle Agile PLM vulnerability patched in January 2024, to its KEV catalog. The post CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability appeared first on SecurityWeek.

5 Active Malware Campaigns in Q1 2025

25 February 2025
The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods. Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments. NetSupport RAT Exploiting the ClickFix Technique In early 2025, threat actors began exploiting a technique

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

25 February 2025
A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.2 driver by modifying specific PE parts while keeping the signature valid," Check Point

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets

25 February 2025
Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky. "The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables

7-year-old vulnerability exploited in Salt Typhoon attack

25 February 2025
Security leaders discuss the 7-year-old vulnerability that was exploited in the Salt Typhoon attack. 

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

25 February 2025
Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT. "The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure," Kaspersky ICS CERT said in a Monday

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

24 February 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting

What Microsoft’s Majorana 1 Chip Means for Quantum Decryption

24 February 2025
The question is whether Majorana 1 advances progress toward quantum computing – or for security professionals, the arrival of computers powerful enough to break PKE. The post What Microsoft’s Majorana 1 Chip Means for Quantum Decryption appeared first on SecurityWeek.

Rad Security Raises $14 Million for AI, Cloud Security Platform 

24 February 2025
Rad Security has raised $14 million in Series A funding for a defense platform for AI workloads and cloud infrastructure. The post Rad Security Raises $14 Million for AI, Cloud Security Platform appeared first on SecurityWeek.

OpenAI Bans ChatGPT Accounts Used by Chinese Group for Spy Tools

24 February 2025
OpenAI has banned ChatGPT accounts used by Chinese threat actors, including ones leveraged for the development of spying tools. The post OpenAI Bans ChatGPT Accounts Used by Chinese Group for Spy Tools appeared first on SecurityWeek.

SEC establishes Cyber and Emerging Technologies Unit

24 February 2025
The SEC has announced it established the Cyber and Emerging Technologies Unit. 

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

24 February 2025
Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer. The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since January 2025. A notable aspect of the stealer malware is the use of a technique called dead drop

NinjaOne Scores $500M in Series C Extensions at $5 Billion Valuation

24 February 2025
Texas automated endpoint management vendor banks $500 million infusion in Series C extensions that values the company at $5 billion. The post NinjaOne Scores $500M in Series C Extensions at $5 Billion Valuation appeared first on SecurityWeek.

68% of people are worried about misinformation due to deepfakes

24 February 2025
Recent research found that 0.1% of U.S. and U.K. consumers could accurately distinguish real from fake content across images and video.