Latest Cybersecurity News and Articles
18 February 2025
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer.
The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher).
TA2727 is a "threat actor that uses fake
18 February 2025
Singulr AI announced its launch with $10 million in seed funding raised for an enterprise AI security and governance platform.
The post Singulr Launches With $10M in Funding for AI Security and Governance Platform appeared first on SecurityWeek.
18 February 2025
A recent cybersecurity report by DNSFilter found that Super Bowl Sunday saw a 57% rise in malicious gambling and betting content.
18 February 2025
A newly discovered Golang backdoor is abusing Telegram for communication with its command-and-control (C&C) server.
The post Golang Backdoor Abuses Telegram for C&C Communication appeared first on SecurityWeek.
18 February 2025
Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices.
Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3.
"An Authentication Bypass Using an Alternate Path or
18 February 2025
Microsoft has observed a new variant of the XCSSET malware being used in limited attacks against macOS users.
The post Microsoft Warns of Improved XCSSET macOS Malware appeared first on SecurityWeek.
18 February 2025
Palo Alto Networks has confirmed that a recently patched firewall vulnerability tracked as CVE-2025-0108 is being actively exploited.
The post Palo Alto Networks Confirms Exploitation of Firewall Vulnerability appeared first on SecurityWeek.
18 February 2025
Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025 which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a
18 February 2025
Israeli cybersecurity startup Dream has raised $100 million in Series B funding and is now valued at $1.1 billion.
The post Ex-NSO Group CEO’s Security Firm Dream Raises $100M at $1.1B Valuation appeared first on SecurityWeek.
18 February 2025
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024.
The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41
18 February 2025
Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
"This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP
18 February 2025
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar.
MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to
17 February 2025
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.
"Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X.
"These enhanced features add to
17 February 2025
A recent Torii report analyzed how businesses are managing a rise in "shadow IT" and artificial intelligence (AI) driven tools.
17 February 2025
A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.
The post New FinalDraft Malware Spotted in Espionage Campaign appeared first on SecurityWeek.
17 February 2025
Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign.
The post Russian State Hackers Target Organizations With Device Code Phishing appeared first on SecurityWeek.
17 February 2025
After governments announced sanctions against the Zservers/XHost bulletproof hosting service, Dutch police took 127 servers offline.
The post 127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police appeared first on SecurityWeek.
17 February 2025
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations.
Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains
17 February 2025
DeepSeek has temporarily paused downloads of its chatbot apps in South Korea while it works with local authorities to address privacy concerns.
The post Downloads of DeepSeek’s AI Apps Paused in South Korea Over Privacy Concerns appeared first on SecurityWeek.
17 February 2025
Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity.
This concise report makes a clear business case for why CTEM’s comprehensive approach is the best overall strategy for shoring up a business’s cyber defenses in the face of evolving attacks. It also