Latest Cybersecurity News and Articles
19 February 2025
Venture capital firm Insight Partners has been targeted in a cyberattack that involved unauthorized access to its information systems.
The post VC Company Insight Partners Hacked appeared first on SecurityWeek.
19 February 2025
A CDG report found that 92% of IT professionals stated they had some degree of confidence in their ability to meet compliance requirements.
19 February 2025
Active infostealer infections have been found within U.S. agencies and defense contractors.
19 February 2025
Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox security updates.
The post Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
19 February 2025
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain.
Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year.
"Typically delivered through phishing emails containing malicious attachments or links,
19 February 2025
A recently identified macOS infostealer named FrigidStealer has been distributed through a compromised website, as a fake browser update.
The post New FrigidStealer macOS Malware Distributed as Fake Browser Update appeared first on SecurityWeek.
19 February 2025
Admeritia has launched Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity.
The post Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions appeared first on SecurityWeek.
19 February 2025
Lee Enterprises has shared more details on the recent cyberattack, saying the attackers encrypted and stole files.
The post Lee Enterprises Newspaper Disruptions Caused by Ransomware appeared first on SecurityWeek.
19 February 2025
The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire.
However, transitioning to vCISO services is not without its challenges
19 February 2025
Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations.
The post How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying appeared first on SecurityWeek.
19 February 2025
Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts.
The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month.
Targets of the campaign include individuals and
18 February 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The flaws are listed below -
CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS
18 February 2025
Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.
18 February 2025
Guardrail specialist releases new products to aid the development and use of secure gen-AI apps.
The post Pangea Launches AI Guard and Prompt Guard to Combat Gen-AI Security Risks appeared first on SecurityWeek.
18 February 2025
San Francisco startup secures $8.5 million in seed funding led by Valley Capital Partners to tackle browser-based malware attacks.
The post MirrorTab Raises $8.5M Seed Round to Take on Browser-Based Attacks appeared first on SecurityWeek.
18 February 2025
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.
The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below -
CVE-2025-26465 - The OpenSSH client
18 February 2025
The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems.
This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,
18 February 2025
Casinos in Michigan were targeted by a ransomware attack.
18 February 2025
Financial software firm Finastra is notifying individuals whose personal information was stolen in a recent data breach.
The post Finastra Starts Notifying People Impacted by Recent Data Breach appeared first on SecurityWeek.
18 February 2025
A critical vulnerability tracked as CVE-2025-21589 has been patched in Juniper Networks’ Session Smart Router.
The post Critical Vulnerability Patched in Juniper Session Smart Router appeared first on SecurityWeek.