Latest Cybersecurity News and Articles
04 February 2025
Python developers looking to integrate DeepSeek into their projects were targeted with malicious packages delivered through PyPI.
The post Developers Targeted With Malware Disguised as DeepSeek Package appeared first on SecurityWeek.
04 February 2025
The Contec CMS8000 patient monitors do not contain a malicious backdoor but are plagued by an insecure and vulnerable design.
The post Contec Patient Monitors Not Malicious, but Still Pose Big Risk to Healthcare appeared first on SecurityWeek.
04 February 2025
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud.
But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let’s take a
04 February 2025
The February 2025 Android patches resolve 46 vulnerabilities, including a Linux kernel bug that has been exploited in the wild.
The post Vulnerability Patched in Android Possibly Exploited by Forensic Tools appeared first on SecurityWeek.
04 February 2025
New guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default.
04 February 2025
The New York Blood Center experienced a ransomware attack.
04 February 2025
DeepSeek’s susceptibility to jailbreaks has been compared by Cisco to other popular AI models, including from Meta, OpenAI and Google.
The post DeepSeek Compared to ChatGPT, Gemini in AI Jailbreak Test appeared first on SecurityWeek.
04 February 2025
Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence (AI) platform, citing security risks.
"Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan's Ministry of Digital Affairs, per Radio Free Asia.
"DeepSeek
04 February 2025
A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.
The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.
"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local
04 February 2025
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below -
CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service
03 February 2025
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead
03 February 2025
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf
03 February 2025
Vietnamese cybercrime gang shifts from credit card-skimming to exploiting at least two zero-day vulnerabilities enterprise software product.
The post XE Group Cybercrime Gang Moves from Credit Card Skimming to Zero-Day Exploits appeared first on SecurityWeek.
03 February 2025
2025 is an important year – it is probably our last chance to start our migration to post quantum cryptography before we are all undone by cryptographically relevant quantum computers.
The post Cyber Insights 2025: Quantum and the Threat to Encryption appeared first on SecurityWeek.
03 February 2025
According to a recent Sentry report, a majority (67%) of security leaders admit they're feeling more stressed compared to last year.
03 February 2025
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before
03 February 2025
Hundreds of thousands have been impacted by data breaches at Asheville Eye Associates and Delta County Memorial Hospital District.
The post Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina appeared first on SecurityWeek.
03 February 2025
The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security.
"Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said.
In doing so, the idea is to
03 February 2025
A threat actor has infected Casio UK’s website with a web skimmer on all pages, except the typical checkout page.
The post Casio Website Infected With Skimmer appeared first on SecurityWeek.
03 February 2025
Researchers found a jailbreak method that exposed DeepSeek’s system prompt, while others have analyzed the DDoS attacks aimed at the new gen-AI.
The post DeepSeek Security: System Prompt Jailbreak, Details Emerge on Cyberattacks appeared first on SecurityWeek.