Latest Cybersecurity News and Articles
21 February 2025
Noteworthy stories that might have slipped under the radar: Black Basta ransomware chat logs leaked, SEC launches new cyber unit, DOGE website hacked.
The post In Other News: Black Basta Chats Leaked, New SEC Cyber Unit, DOGE Site Hacked appeared first on SecurityWeek.
21 February 2025
OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server.
The post Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers appeared first on SecurityWeek.
21 February 2025
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale.
The latest iteration of the phishing suite "represents a significant
21 February 2025
CISA and FBI issue an advisory about Ghost ransomware activity.
21 February 2025
A researcher dives into Chinese reports attributing cyberattacks on Northwestern Polytechnical University to the NSA’s TAO division.
The post How China Pinned University Cyberattacks on NSA Hackers appeared first on SecurityWeek.
21 February 2025
CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek.
21 February 2025
In today’s rapidly evolving digital landscape, weak identity security isn’t just a flaw—it’s a major risk that can expose your business to breaches and costly downtime.
Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities.
Join us for "
21 February 2025
Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks.
The post Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls appeared first on SecurityWeek.
21 February 2025
Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it’s said, ‘The first casualty is the truth.’
While these forms of communication
21 February 2025
A global venture capital firm has announced it experienced a cyber incident.
21 February 2025
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies.
"The threat actor then demonstrated their ability to persist in target environments across equipment from multiple
21 February 2025
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
21 February 2025
Research reveals a non-password-protected database associated with a clinical trial site network.
20 February 2025
China-linked cyberespionage toolkits are popping up in ransomware attacks, forcing defenders to rethink how they combat state-backed hackers.
The post Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines appeared first on SecurityWeek.
20 February 2025
A new report highlights trends in mobile-specific phishing attacks.
20 February 2025
NioCorp Developments has informed the SEC that it lost $0.5 million after its systems were compromised.
The post Mining Company NioCorp Loses $500,000 in BEC Hack appeared first on SecurityWeek.
20 February 2025
A new report offers insight into hiring trends, cyber professional compensation and job satisfaction.
20 February 2025
AI systems can sometimes struggle with complex or nuanced situations, so human intervention can help identify and address potential issues that algorithms might not.
The post AI Can Supercharge Productivity, But we Still Need a Human-in-the-Loop appeared first on SecurityWeek.
20 February 2025
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret.
The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima,
20 February 2025
Atlassian has released patches for 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira.
The post Atlassian Patches Critical Vulnerabilities in Confluence, Crowd appeared first on SecurityWeek.