Latest Cybersecurity News and Articles
13 February 2025
Threat actors are increasingly exploiting two old vulnerabilities in ThinkPHP and OwnCloud in their attacks.
The post Exploitation of Old ThinkPHP, OwnCloud Vulnerabilities Surges appeared first on SecurityWeek.
13 February 2025
AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security
13 February 2025
Google has released a Chrome 133 update to address four high-severity vulnerabilities reported by external researchers.
The post Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability appeared first on SecurityWeek.
13 February 2025
DDoS attacks have increased in volume and magnitude from Q3-Q4 2023 to Q3-Q4 2024.
13 February 2025
Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass.
The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.
"An authentication bypass in the Palo Alto Networks PAN-OS software enables an
13 February 2025
Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts.
The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,
12 February 2025
The Italian government denied it hacked seven cellphones with military-grade surveillance technology from Paragon Solutions.
The post Italian Government Denies It spied on Journalists and Migrant Activists Using Paragon Spyware appeared first on SecurityWeek.
12 February 2025
QuSecure is pitching a software-based security architecture that overlays onto current networks to help businesses with PQC migration.
The post QuSecure Banks $28M Series A for Post-Quantum Cryptography Tech appeared first on SecurityWeek.
12 February 2025
A subgroup within the infamous Russian state-sponsored hacking group known as Sandworm has been attributed to a multi-year initial access operation dubbed BadPilot that stretched across the globe.
"This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations," the
12 February 2025
A subgroup of the Russia-linked Seashell Blizzard is tasked with broad initial access operations to sustain long-term persistence.
The post Russian Seashell Blizzard Hackers Gain, Maintain Access to High-Value Targets: Microsoft appeared first on SecurityWeek.
12 February 2025
Thirty-three percent of law enforcement agencies indicate that analyzing the data is the most challenging part of the intelligence and insight process.
12 February 2025
Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host.
The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions -
NVIDIA Container Toolkit (All
12 February 2025
Security and compliance automation firm Drata has acquired trust center platform SafeBase in a quarter billion dollar deal.
The post Drata to Acquire SafeBase in $250 Million Deal appeared first on SecurityWeek.
12 February 2025
Ivanti and Fortinet on Tuesday released patches for multiple critical- and high-severity vulnerabilities in their products.
The post Ivanti, Fortinet Patch Remote Code Execution Vulnerabilities appeared first on SecurityWeek.
12 February 2025
A new GAO report assesses that the Coast Guard needs to improve Maritime Transportation System (MTS) cybersecurity.
The post GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System appeared first on SecurityWeek.
12 February 2025
Chipmakers Intel, AMD and Nvidia on Tuesday published new security advisories to inform customers about vulnerabilities found in their products.
The post Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities appeared first on SecurityWeek.
12 February 2025
A fresh post on the Kraken ransomware group’s leak website refers to data stolen in a 2022 cyberattack, Cisco says.
The post Cisco Says Ransomware Group’s Leak Related to Old Hack appeared first on SecurityWeek.
12 February 2025
CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren’t many resources to guide them on what their role should look like or what they should bring to these meetings.
We’ve pulled together a framework for security leaders to help push AI teams and committees further in their AI adoption—providing them with the
12 February 2025
The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them.
"To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a
12 February 2025
Industrial giants Schneider Electric and Siemens have released February 2025 Patch Tuesday ICS security advisories.
The post ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens appeared first on SecurityWeek.