Latest Cybersecurity News and Articles
11 September 2025
The Akira ransomware group is likely exploiting a combination of three attack vectors to gain unauthorized access to vulnerable appliances.
The post Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw appeared first on SecurityWeek.
11 September 2025
Researchers exploited K2 Think’s built-in explainability to dismantle its safety guardrails, raising new questions about whether transparency and security in AI can truly coexist.
The post UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features appeared first on SecurityWeek.
11 September 2025
The tools manufacturer was targeted in a ransomware attack claimed by the Cactus group.
The post 100,000 Impacted by Cornwell Quality Tools Data Breach appeared first on SecurityWeek.
11 September 2025
Senator Ron Wyden’s complaints focus on Windows security and the Kerberoasting attack technique.
The post Senator Urges FTC Probe of Microsoft Over Security Failures appeared first on SecurityWeek.
11 September 2025
With security teams drowning in alerts, many suppress detection rules and accept hidden risks. AI promises relief through automation and triage—but without human oversight, it risks becoming part of the problem.
The post AI Emerges as the Hope—and Risk—for Overloaded SOCs appeared first on SecurityWeek.
11 September 2025
AegisAI uses autonomous AI agents to prevent phishing, malware, and BEC attacks from reaching inboxes.
The post Email Security Startup AegisAI Launches With $13 Million in Funding appeared first on SecurityWeek.
11 September 2025
Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access.
Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomware activity since late July 2025.
SonicWall subsequently revealed the SSL VPN activity aimed at its
11 September 2025
Oligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction.
The post Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance appeared first on SecurityWeek.
11 September 2025
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data.
The malvertising campaign, per Bitdefender, is designed to push fake "Meta Verified" browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37 malicious ads
11 September 2025
CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk. Yet one question comes up again and again in our conversations with these security leaders: how do I make the impact
11 September 2025
Cyber experts share 3 major threats to school cybersecurity and provide advice for managing these risks.
11 September 2025
Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fleshless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data from compromised hosts.
"The attacker used ScreenConnect to gain remote access, then executed a layered VBScript and
10 September 2025
18 popular packages with a total of 2 billion weekly downloads were targeted in an attack.
10 September 2025
An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme.
"This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads," Bitdefender
10 September 2025
After announcing that the cyberattack-caused disruption to factories would continue, Jaguar Land Rover is now confirming a data breach.
The post Jaguar Land Rover Admits Data Breach Caused by Recent Cyberattack appeared first on SecurityWeek.
10 September 2025
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.
According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures.
CHILLYHELL is the name assigned to a malware
10 September 2025
Geordie has developed a platform that gives enterprises deep visibility into AI agents and what they are doing.
The post Geordie Emerges From Stealth With $6.5M for AI Agent Security Platform appeared first on SecurityWeek.
10 September 2025
The investment will accelerate product innovation and will fuel the security company’s expansion in the US.
The post Red Access Raises $17 Million for Agentless Security Platform appeared first on SecurityWeek.
10 September 2025
Apple’s new Memory Integrity Enforcement (MIE) brings always-on memory-safety protection covering key attack surfaces — including the kernel and over 70 userland processes.
The post Apple Unveils iPhone Memory Protections to Combat Sophisticated Attacks appeared first on SecurityWeek.
10 September 2025
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release.
Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to