Latest Cybersecurity News and Articles
31 July 2025
Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites.
The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug.
According to Wordfence, the shortcoming relates to an arbitrary file upload
30 July 2025
Committee Members voted to recommend Sean Plankey for director of the Cybersecurity and Infrastructure Security Agency.
The post Senate Committee Advances Trump Nominee to Lead CISA appeared first on SecurityWeek.
30 July 2025
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.
30 July 2025
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets.
The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct
30 July 2025
Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free.
"Because the ransomware is now considered dead, we released the decryptor for public download," Gen Digital researcher Ladislav Zezula said.
FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according to data from
30 July 2025
BlinkOps has announced a Series B funding round that brings the total raised by the company for its micro-agents builder to $90 million.
The post BlinkOps Raises $50 Million for Agentic Security Automation Platform appeared first on SecurityWeek.
30 July 2025
Legion has raised $38 million in seed and Series A funding for its browser-native AI Security Operations Center (SOC) platform.
The post Legion Emerges From Stealth With $38 Million in Funding appeared first on SecurityWeek.
30 July 2025
Multiple financially motivated threat actors are targeting backup systems and employing Scattered Spider’s social engineering techniques.
The post Scattered Spider Activity Drops Following Arrests, but Others Adopting Group’s Tactics appeared first on SecurityWeek.
30 July 2025
Strategic acquisitions marks Palo Alto Networks' formal entry into the identity security space and accelerates its platform strategy.
The post Palo Alto Networks to Acquire CyberArk for $25 Billion appeared first on SecurityWeek.
30 July 2025
Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices.
"The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,"
30 July 2025
Orange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers.
The post Telecom Giant Orange Hit by Cyberattack appeared first on SecurityWeek.
30 July 2025
The Israeli startup helps organizations identify, monitor, and control AI agents across their environments.
The post Cyata Emerges From Stealth With $8.5 Million in Funding appeared first on SecurityWeek.
30 July 2025
Allianz Life Insurance Company of North America experienced a data breach.
30 July 2025
Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities.
The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to
30 July 2025
The global average cost of a breach fell to $4.44 million (the first decline in five years), but the average US cost rose to a record $10.22 million.
The post Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report appeared first on SecurityWeek.
30 July 2025
Base44 owner Wix quickly patched a critical authentication bypass vulnerability discovered by researchers at Wiz.
The post Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications appeared first on SecurityWeek.
30 July 2025
Minnesota Governor Tim Walz called in the National Guard to assist the City of Saint Paul in responding to a cyberattack.
The post Minnesota Activates National Guard in Response to Cyberattack appeared first on SecurityWeek.
30 July 2025
In this article, we will provide a brief overview of Pillar Security's platform to better understand how they are tackling AI security challenges.
Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new ways of detecting AI threats, beginning
30 July 2025
Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month.
The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via
30 July 2025
Google has announced that it's making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks.
DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign-in to victims' accounts and gain