Latest Cybersecurity News and Articles
05 February 2025
Chrome 133 and Firefox 135 were released with patches for multiple high-severity memory safety vulnerabilities.
The post Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
05 February 2025
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws.
Staying informed on these trends can help MSPs and IT teams
05 February 2025
CISA has added CVE-2024-29059, a flaw affecting Microsoft .NET, to its Known Exploited Vulnerabilities catalog.
The post CISA Issues Exploitation Warning for .NET Vulnerability appeared first on SecurityWeek.
05 February 2025
Multiple Zyxel legacy DSL CPE products are affected by exploited zero-day vulnerabilities that will not be patched.
The post Zyxel Issues ‘No Patch’ Warning for Exploited Zero-Days appeared first on SecurityWeek.
05 February 2025
A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels.
"AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis.
"It allows attackers to control infected systems
05 February 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows -
CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized
04 February 2025
Sophos has completed its $859 million all-cash acquisition of SecureWorks.
The post Sophos Completes Acquisition of Secureworks appeared first on SecurityWeek.
04 February 2025
The number of vulnerabilities first reported as exploited surged last year amid a decrease in zero-day reports.
The post Exploitation of Over 700 Vulnerabilities Came to Light in 2024 appeared first on SecurityWeek.
04 February 2025
Join this panel of CISOs and threat-intel professionals for a deep-dive on aligning incident response and threat intelligence with broader business objectives.
The post CISO Forum Webinar: Defenders on the Frontline – Incident Response and Threat Intel Under the Microscope appeared first on SecurityWeek.
04 February 2025
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on both forums.
04 February 2025
Nearly two dozen new macOS malware families were observed in 2024, including stealers, backdoors, downloaders and ransomware.
The post 22 New Mac Malware Families Seen in 2024 appeared first on SecurityWeek.
04 February 2025
Law enforcement agencies have dismantled 39 cybercrime domains and associated servers.
04 February 2025
A new survey reveals insights into the biggest threats on cyber experts’ radars.
04 February 2025
Ninety percent of professionals report conformance with Digital Operational Resilience Act and the Network and Information Security Directive 2.
04 February 2025
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems.
The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to
04 February 2025
AMD has released patches for a microprocessor vulnerability that could allow an attacker to load malicious microcode.
The post AMD Patches CPU Vulnerability Found by Google appeared first on SecurityWeek.
04 February 2025
Food delivery firm GrubHub has disclosed a data breach impacting the personal information of drivers and customers.
The post Personal Information Compromised in GrubHub Data Breach appeared first on SecurityWeek.
04 February 2025
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware.
The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09.
"The vulnerability was
04 February 2025
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process.
"Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or
04 February 2025
There has never been a single job description for the CISO – the role depends upon each company, its maturity, its size and resources, and the risk tolerance of boards.
The post Cyber Insights 2025: The CISO Outlook appeared first on SecurityWeek.