Latest Cybersecurity News and Articles
07 May 2025
Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks across the world.
In connection with the operation, Polish authorities have arrested four individuals and the United States has seized nine domains that are associated with the now-defunct platforms.
"The suspects are believed to be behind six separate
07 May 2025
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.
"This is due to the create_wp_connection() function missing a capability check and
07 May 2025
NCSC's CTO urges organisations to recognise “decade-long, national-scale technology change” required to prepare for the post-quantum threat.
07 May 2025
The US has sanctioned Myanmar warlord Saw Chit Thu and his militia for their roles in cyber scams causing billions in losses to American victims.
The post US Sanctions Myanmar Militia Involved in Cyber Scams appeared first on SecurityWeek.
07 May 2025
The REAL ID enforcement could have impacts on biometric data security and privacy.
07 May 2025
Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges.
The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is
07 May 2025
Meta has won its WhatsApp hacking lawsuit against Israeli spyware company NSO Group in an “important step forward for privacy and security”.
The post Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack appeared first on SecurityWeek.
07 May 2025
Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices.
But there's a problem: they stop short of where the most sensitive user activity actually happens—the browser.
This isn’t a small omission. It’s a structural
07 May 2025
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States.
The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by
07 May 2025
Application performance monitoring provider AppSignal has raised $22 million in a Series A funding round led by Elsewhere Partners.
The post AppSignal Raises $22 Million for Application Monitoring Solution appeared first on SecurityWeek.
07 May 2025
At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.
The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on SecurityWeek.
07 May 2025
Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges.
The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.
07 May 2025
The US government warns of threat actors targeting ICS/SCADA systems at oil and natural gas organizations.
The post US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations appeared first on SecurityWeek.
07 May 2025
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan.
The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the open-source registry.
07 May 2025
The NATO Cooperative Cyber Defence Centre of Excellence in Estonia is hosting the Locked Shields 2025 cyber defense exercise.
The post 41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise appeared first on SecurityWeek.
07 May 2025
A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally.
WhatsApp originally filed the lawsuit against NSO Group in 2019,
07 May 2025
Hackers have claimed to steal messages from TeleMessage, an app apparently used by Trump’s former national security adviser.
06 May 2025
Two initiatives designed to raise national cyber resilience announced at the NCSC's CYBERUK 2025 conference.
06 May 2025
By taking immediate actions, organizations can ensure that shadow AI is prevented and used constructively where possible.
The post Applying the OODA Loop to Solve the Shadow AI Problem appeared first on SecurityWeek.
06 May 2025
A new report shows how employees are leveraging technology in the workplace for greater autonomy and flexibility.