Latest Cybersecurity News and Articles
29 July 2025
Threat actors are exploiting a two-year-old vulnerability in PaperCut that allows them to execute arbitrary code remotely.
The post Organizations Warned of Exploited PaperCut Flaw appeared first on SecurityWeek.
29 July 2025
Fable Security has emerged from stealth mode with a solution designed to detect risky behaviors and educate employees.
The post Fable Security Raises $31 Million for Human Risk Management Platform appeared first on SecurityWeek.
29 July 2025
Aanchal Gupta has been named CSO at Adobe after holding cybersecurity leadership roles at Microsoft for more than five years.
The post Aanchal Gupta Joins Adobe as Chief Security Officer appeared first on SecurityWeek.
29 July 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCutNG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could
28 July 2025
Creating realistic deepfakes is easier than ever, causing security problems for governments, businesses and individuals and making trust the most valuable currency of the digital age.
The post Creating Realistic Deepfakes Is Getting Easier Than Ever. Fighting Back May Take Even More AI appeared first on SecurityWeek.
28 July 2025
Ukrainian and Belarusian hacker groups, which oppose the rule of Belarusian President Alexander Lukashenko, claimed responsibility for the cyberattack.
The post Cyberattack On Russian Airline Aeroflot Causes the Cancellation of More Than 100 Flights appeared first on SecurityWeek.
28 July 2025
In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry.
The packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in a report published last week. In addition, 73 repositories
28 July 2025
NASCAR says names, Social Security numbers, and other personal information was stolen in an April 2025 ransomware attack.
The post NASCAR Confirms Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
28 July 2025
Root Evidence is developing fully integrated vulnerability scanning and attack surface management technology.
The post Root Evidence Launches With $12.5 Million in Seed Funding appeared first on SecurityWeek.
28 July 2025
The financially motivated group is pivoting from Active Directory to VMware vSphere environments, deploying ransomware from the hypervisor.
The post Scattered Spider Targeting VMware vSphere Environments appeared first on SecurityWeek.
28 July 2025
Some risks don’t breach the perimeter—they arrive through signed software, clean resumes, or sanctioned vendors still hiding in plain sight.
This week, the clearest threats weren’t the loudest—they were the most legitimate-looking. In an environment where identity, trust, and tooling are all interlinked, the strongest attack path is often the one that looks like it belongs. Security teams are
28 July 2025
Allianz subsidiary said the information of customers, financial professionals and employees was compromised as a result of a hack.
The post Allianz Life Data Breach Impacts Most of 1.4 Million US Customers appeared first on SecurityWeek.
28 July 2025
Picture this: you’ve hardened every laptop in your fleet with real‑time telemetry, rapid isolation, and automated rollback. But the corporate mailbox—the front door for most attackers—is still guarded by what is effectively a 1990s-era filter.
This isn't a balanced approach. Email remains a primary vector for breaches, yet we often treat it as a static stream of messages instead of a dynamic,
28 July 2025
The emerging Chaos ransomware appears to be a rebranding of BlackSuit, which had its leak site seized by law enforcement.
The post BlackSuit Ransomware Group Transitioning to ‘Chaos’ Amid Leak Site Seizure appeared first on SecurityWeek.
28 July 2025
The Post SMTP email delivery WordPress plugin is affected by a critical vulnerability and half of websites using it remain unpatched.
The post Flaw Allowing Website Takeover Found in WordPress Plugin With 400k Installations appeared first on SecurityWeek.
28 July 2025
The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America.
"The group's core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk," Google's Mandiant team said in an extensive
28 July 2025
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances.
"These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device," Nozomi Networks Labs said in a
25 July 2025
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker scheme designed to generate illicit revenues for Pyongyang.
The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and Kim Se Un, Jo
25 July 2025
The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence.
"The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems," Arctic Wolf Labs said
25 July 2025
Noteworthy stories that might have slipped under the radar: Google Cloud Build vulnerability earns researcher big bounty, more countries hit by Louis Vuitton data breach, organizations’ attack surface is increasing.
The post In Other News: $30k Google Cloud Build Flaw, Louis Vuitton Breach Update, Attack Surface Growth appeared first on SecurityWeek.