Latest Cybersecurity News and Articles
16 September 2025
The bootstrapped company will invest in an AI-powered unified enterprise platform combining configuration, compliance, patching, and vulnerability management.
The post Endpoint Security Firm Remedio Raises $65 Million in First Funding Round appeared first on SecurityWeek.
16 September 2025
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix.
The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack.
"We have proven that
16 September 2025
U.S. Senator Ron Wyden (D-OR) has called for an investigation of Microsoft, claiming the company’s insecure software has enabled cyber threats.
16 September 2025
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.
"The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling
15 September 2025
The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk.
"The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor," IBM X-Force researchers Golo Mühr and Joshua Chung said in an analysis published last week.
The tech giant's
15 September 2025
A former FinWise employee gained access to American First Finance customer information.
The post 689,000 Affected by Insider Breach at FinWise Bank appeared first on SecurityWeek.
15 September 2025
Fifteen years after its debut, Zero Trust remains the gold standard in cybersecurity theory — but its uneven implementation leaves organizations both stronger and dangerously exposed.
The post Zero Trust Is 15 Years Old — Why Full Adoption Is Worth the Struggle appeared first on SecurityWeek.
15 September 2025
Silent Push, which provides Indicators of Future Attack, has raised a total of $32 million in funding.
The post Silent Push Raises $10 Million for Threat Intelligence Platform appeared first on SecurityWeek.
15 September 2025
The Israeli cybersecurity startup plans to expand its offensive security offering to cover more enterprise attack surface.
The post Terra Security Raises $30 Million for AI Penetration Testing Platform appeared first on SecurityWeek.
15 September 2025
Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective.
What is a browser-based attack?
First, it’s important to establish what a browser-based attack is.
In most scenarios, attackers don’t think of themselves as attacking your web browser.
15 September 2025
In a world where threats are persistent, the modern CISO’s real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity.
This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the
15 September 2025
The cybercrime groups tracked as UNC6040 and UNC6395 have been extorting organizations after stealing data from their Salesforce instances.
The post FBI Shares IoCs for Recent Salesforce Intrusion Campaigns appeared first on SecurityWeek.
15 September 2025
In April, Rhode Island resident Navah Hopkins received a plea for her help to defeat legislation thousands of miles away in California. The ask came from Google, maker of the world’s most used web browser, Chrome. The tech giant sent a message to an email list that Hopkins and other small business owners were subscribed […]
The post Google Launched Behind-the-Scenes Campaign Against California Privacy Legislation; It Passed Anyway appeared first on SecurityWeek.
15 September 2025
Two years after the fact, Fairmont Federal Credit Union tells customers their personal, financial, and medical information was compromised.
The post West Virginia Credit Union Notifying 187,000 People Impacted by 2023 Data Breach appeared first on SecurityWeek.
15 September 2025
Reported by Meta and WhatsApp, the vulnerability leads to remote code execution and was likely exploited by a spyware vendor.
The post Samsung Patches Zero-Day Exploited Against Android Users appeared first on SecurityWeek.
15 September 2025
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository, raising concerns that it could be repurposed by cybercriminals for malicious purposes.
Dubbed Villager, the framework is assessed to be the work of Cyberspike, which has positioned the tools as a red teaming
15 September 2025
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware.
"The attackers manipulated search rankings with SEO plugins and registered lookalike domains that closely mimicked legitimate software sites," Fortinet FortiGuard Labs researcher Pei Han Liao said. "By using convincing language and small character
13 September 2025
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks.
"Both groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms," the FBI said.
UNC6395 is a
12 September 2025
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks.
The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution.
"Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to
12 September 2025
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR).
The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the county that at least one of the devices linked to their iCloud accounts may have been compromised as part