Latest Cybersecurity News and Articles
31 January 2025
Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.
"These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform," Jérôme Segura, senior
31 January 2025
The FBI and authorities in The Netherlands this week seized a number of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname "The Manipulaters," have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.
31 January 2025
Noteworthy stories that might have slipped under the radar: stealing browser data via Syncjacking, hackers falsely claim AWS breach, Google prevented 2 million bad apps from reaching Google Play.
The post In Other News: Browser Syncjacking, Fake AWS Hack, Google Blocked 2M Bad Apps appeared first on SecurityWeek.
31 January 2025
Italy’s data protection authority expressed dissatisfaction with DeepSeek’s response to its query about what personal data is collected, where it is stored and how users are notified.
The post Italy Blocks Access to the Chinese AI Application DeepSeek to Protect Users’ Data appeared first on SecurityWeek.
31 January 2025
US and Dutch authorities seized 39 domains to disrupt a network of hacking and fraud marketplaces operated by Saim Raza.
The post US, Dutch Authorities Disrupt Pakistani Hacking Shop Network appeared first on SecurityWeek.
31 January 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors.
The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA
31 January 2025
APIs have become a prominent attack surface over the past year.
31 January 2025
APIs have become a prominent attack surface over the past year.
31 January 2025
Two individuals have been arrested and one alleged admin has been charged in the takedown of the Nulled and Cracked cybercrime forums.
The post 2 Arrested in Takedown of Nulled, Cracked Hacking Forums appeared first on SecurityWeek.
31 January 2025
New York Blood Center Enterprises and its operating divisions have taken systems offline to contain a ransomware attack.
The post New York Blood Bank Hit by Ransomware appeared first on SecurityWeek.
31 January 2025
Subaru’s STARLINK connected vehicle service contains a vulnerability that permits access to user accounts and vehicles.
31 January 2025
CISA and FDA say Contec patient monitors used in the US contain a backdoor function that could allow remote attackers to tamper with the device.
The post CISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors appeared first on SecurityWeek.
31 January 2025
Different research teams have demonstrated jailbreaks against ChatGPT, DeepSeek, and Alibaba’s Qwen AI models.
The post ChatGPT, DeepSeek Vulnerable to AI Jailbreaks appeared first on SecurityWeek.
31 January 2025
Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.
31 January 2025
Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data.
The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data.
In particular, it wanted
31 January 2025
Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps.
The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with
31 January 2025
NorthBay Health says hackers stole the personal information of 569,000 individuals in a 2024 ransomware attack.
The post NorthBay Health Data Breach Impacts 569,000 Individuals appeared first on SecurityWeek.
31 January 2025
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.
The list of identified flaws, which impact versions 8.x of the software, is below -
CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin
31 January 2025
Clutch Security has raised $20 million in a Series A funding round led by SignalFire to secure non-human identities.
The post Clutch Security Raises $20 Million for Non-Human Identity Protection Platform appeared first on SecurityWeek.
30 January 2025
What challenges will the new administration face and what might President Trump’s record on cybersecurity indicate about the likely approach in 2025 and beyond?
The post Trump Administration Faces Security Balancing Act in Borderless Cyber Landscape appeared first on SecurityWeek.