Latest Cybersecurity News and Articles


TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

02 May 2025
Ireland's Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China. "TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement.

In Other News: NullPoint Source Code Leak, $17,500 for iPhone Flaw, BreachForums Down

02 May 2025
Noteworthy stories that might have slipped under the radar: NullPoint Stealer source code leaked, researcher earns $17,500 from Apple for vulnerability, BreachForums down after zero-day exploitation by police. (Source: SecurityWeek)

2025’s most commonly used passwords reveal insecure password practices

02 May 2025
An analysis of more than 19 billion passwords finds that insecure password practices persist. 

UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks

02 May 2025
Major UK retailers Co-op, Harrods, and M&S are scrambling to restore services that were affected by cyberattacks. (Source: SecurityWeek)

How to Automate CVE and Vulnerability Advisory Response with Tines

02 May 2025
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike

Nova Scotia Power Says Hackers Stole Customer Information

02 May 2025
Nova Scotia Power’s investigation has shown that the recent cyberattack resulted in the theft of some customer information. (Source: SecurityWeek)

RSA Conference 2025 Announcement Summary (Day 3) 

02 May 2025
Hundreds of companies showcased their products and services this week at the 2025 edition of the RSA Conference in San Francisco. (Source: SecurityWeek)

Microsoft Accounts Go Passwordless by Default

02 May 2025
Microsoft is prioritizing passwordless sign-in and sign-up methods, and is making new accounts passwordless by default. (Source: SecurityWeek)

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

02 May 2025
The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in a report shared with The Hacker News. "The malware employs sandbox and virtual machine evasion techniques, a domain

Ukrainian Nefilim Ransomware Affiliate Extradited to US

02 May 2025
Ukrainian national Artem Stryzhak was extradited to the US and charged with using Nefilim ransomware in attacks on large businesses. (Source: SecurityWeek)

Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

02 May 2025
A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default. "Brand new Microsoft accounts will now be 'passwordless by default,'" Microsoft's Joy Chik and Vasu Jakkal said. "New users will have several passwordless options for

JPMorgan Chase & Co. CISO writes open letter to third-party suppliers

02 May 2025
Patrick Opet, CISO at JPMorgan Chase & Co., writes open letter to third-party suppliers. 

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs

01 May 2025
An employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.

NCSC statement: Incident impacting retailers

01 May 2025
The latest statement from the NCSC regarding the cyber incident impacting UK retailers.

More than 500,000 records exposed in ticket reseller breach

01 May 2025
520,054 records were exposed in ticket reseller breach. 

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

01 May 2025
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. "Pinging functionality that can report back to a command-and-control (C&C) server

61% of organizations not prepared to address critical risks

01 May 2025
The Global Risk Survey from AlixPartners found that 61% or more organizations are not sufficiently prepared to address critical risks.

Canadian Electric Utility Hit by Cyberattack

01 May 2025
Nova Scotia Power and Emera are responding to a cybersecurity incident that impacted IT systems and networks. (Source: SecurityWeek)

Year of the Twin Dragons: Developers Must Slay the Complexity and Security Issues of AI Coding Tools

01 May 2025
The advantages AI tools deliver in speed and efficiency are impossible for developers to resist. But the complexity and risk created by AI-generated code can’t be ignored. (Source: SecurityWeek)

89% of security teams have already begun to implement AI

01 May 2025
A recent Cymulate report found that 71% of those surveyed consider threat exposure validation to be “absolutely essential.”