Latest Cybersecurity News and Articles
31 October 2025
The Windows shortcut vulnerability has been seen in attacks conducted by Mustang Panda to drop the PlugX malware.
The post Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks appeared first on SecurityWeek.
31 October 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation.
"By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security
31 October 2025
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace.
The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft's VS Code Marketplace and Open VSX
31 October 2025
The 130-page document covers several important aspects and it’s available in both Japanese and English.
The post Japan Issues OT Security Guidance for Semiconductor Factories appeared first on SecurityWeek.
31 October 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain
31 October 2025
Halloween tricks aren't reserved for trick-or-treaters — cybercriminals are preying on the Halloween spirit to enact malicious spam.
30 October 2025
A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway.
On another Mac in the same office, file sharing is enabled through an old protocol called SMB version one. It’s fast and
30 October 2025
Why SIEM + NDR + Any EDR Is the Strongest Path to a Human-Augmented Autonomous SOC – Aimei Wei, Chief Technical Officer and Founder San Jose, Calif. – Oct. 30, 2025 Every security leader faces the same question: what should be at the core of
The post Building The Right Foundation For The Future SOC appeared first on Cybercrime Magazine.
30 October 2025
Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month.
The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing scams before they could even be sent.
In
30 October 2025
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs.
AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in C++ QT for
30 October 2025
Spektrum Labs has raised $10 million in seed funding for its cyber resilience platform.
The post Spektrum Labs Emerges From Stealth to Help Companies Prove Resilience appeared first on SecurityWeek.
30 October 2025
A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds.
Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash.
"It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed," Pino said in a
30 October 2025
The company will expand its product offering, establish global headquarters in Boston, and fuel growth and go-to-market efforts.
The post Reflectiz Raises $22 Million for Website Security Solution appeared first on SecurityWeek.
30 October 2025
The hackers stole names, addresses, dates of birth, Social Security numbers, and health and insurance information.
The post Millions Impacted by Conduent Data Breach appeared first on SecurityWeek.
30 October 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 30, 2025 – Read the full story in Forbes Cybersecurity Ventures predicts that the world will store 200 zettabytes of data in 2025. Half of enterprise data will be produced and processed at
The post The Edge Is A Hacker’s Delight, A Dream Come True For Cybercriminals appeared first on Cybercrime Magazine.
30 October 2025
Ribbon Communications provides technology for communications networks and its customers include the US government and major telecom firms.
The post Major US Telecom Backbone Firm Hacked by Nation-State Actors appeared first on SecurityWeek.
30 October 2025
Security doesn’t fail at the point of breach. It fails at the point of impact.
That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof.
When a new exploit drops, scanners scour the internet in minutes. Once attackers gain a foothold,
30 October 2025
The Canadian Centre for Cyber Security has warned CISOs that hacktivists are increasingly targeting internet-exposed ICS.
The post Canada Says Hackers Tampered With ICS at Water Facility, Oil and Gas Firm appeared first on SecurityWeek.
30 October 2025
The packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information.
The post 136 NPM Packages Delivering Infostealers Downloaded 100,000 Times appeared first on SecurityWeek.
30 October 2025
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering.
This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s