Latest Cybersecurity News and Articles
10 February 2025
SolarWinds will become a privately held company following its acquisition by Turn/River Capital for $4.4 billion in cash.
The post SolarWinds Taken Private in $4.4 Billion Turn/River Capital Acquisition appeared first on SecurityWeek.
10 February 2025
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware.
"It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and
10 February 2025
Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.
The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting
10 February 2025
DOGE has been feeding sensitive federal information into AI. Security leaders discuss.
10 February 2025
Explore industry moves and significant changes in the industry for the week of February 10, 2025. Stay updated with the latest industry trends and shifts.
10 February 2025
A bipartisan congressional bill has been proposed, which would prohibit the use of DeepSeek on government devices.
10 February 2025
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems.
The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime
08 February 2025
Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection.
"The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "
07 February 2025
Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.
07 February 2025
ThreatMate has raised $3.2 million in seed funding for its AI-powered attack surface management solution for MSPs.
The post ThreatMate Raises $3.2 Million for Attack Surface Management Platform appeared first on SecurityWeek.
07 February 2025
A review of breach histories of the top 150 insurance companies worldwide reveals 59% included third-party attack vectors.
07 February 2025
A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.
The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and
07 February 2025
The emergence of DeepSeek has led to malicious actors attempting to exploit its prominence.
07 February 2025
Noteworthy stories that might have slipped under the radar: NanoLock Security ceases operations, NSO publishes transparency report, cybersecurity salaries data.
The post In Other News: Cybersecurity Salaries, NanoLock Collapse, NSO Transparency Report appeared first on SecurityWeek.
07 February 2025
Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack.
The post Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System appeared first on SecurityWeek.
07 February 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.
"This could
07 February 2025
UK engineering firm IMI says it suffered a cyberattack that resulted in unauthorized access to some of its systems.
The post UK Engineering Giant IMI Hit by Cyberattack appeared first on SecurityWeek.
07 February 2025
University Diagnostic Medical Imaging and Allegheny Health Network have disclosed data breaches impacting approximately 430,000 patients.
The post 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations appeared first on SecurityWeek.
07 February 2025
An analysis by Chainalysis shows that ransomware payments dropped to $813 million in 2024, from $1.25 billion in 2023.
The post Ransomware Payments Dropped to $813 Million in 2024 appeared first on SecurityWeek.
07 February 2025
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.
This article explores how these changes are impacting business, and how cybersecurity leaders can respond.
Impersonation attacks: