Latest Cybersecurity News and Articles
26 March 2025
A new ransomware group called Arkana claims to have compromised the US telecommunications provider WideOpenWest.
The post New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest appeared first on SecurityWeek.
26 March 2025
SplxAI has raised $7 million in a seed funding round led by LAUNCHub Ventures to secure agentic AI systems.
The post SplxAI Raises $7 Million for AI Security Platform appeared first on SecurityWeek.
26 March 2025
Production line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched.
The post Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras appeared first on SecurityWeek.
26 March 2025
Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem.
The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on
26 March 2025
macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages.
The post macOS Users Warned of New Versions of ReaderUpdate Malware appeared first on SecurityWeek.
26 March 2025
“A boxer derives the greatest advantage from his sparring partner…”
— Epictetus, 50–135 AD
Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center.
This wasn’t Blue’s first day and despite his solid defense in front of the mirror, he feels the pressure.
26 March 2025
Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js.
The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek.
26 March 2025
When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks.
According to Verizon's 2024 Data Breach Investigations Report, 57% of companies experience over
26 March 2025
Despite Oracle categorically denying that its Cloud systems have been breached, sample data released by the hacker seems to prove otherwise.
The post Security Firms Say Evidence Seems to Confirm Oracle Cloud Hack appeared first on SecurityWeek.
26 March 2025
Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security.
Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis.
Credential stuffing is a
26 March 2025
New research reveals evolutions in threat actor techniques, with emphasis on ransomware and vishing.
26 March 2025
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.
The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a
26 March 2025
Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass.
Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS).
"VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an
25 March 2025
The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks in Russian.
The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek.
25 March 2025
Research has identified a new phishing campaign targeting Mac users.
25 March 2025
DrayTek routers around the world are rebooting and the vendor’s statement suggests that it may involve the exploitation of a vulnerability.
The post Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots appeared first on SecurityWeek.
25 March 2025
The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10.
The post VMware Patches Authentication Bypass Flaw in Windows Tools Suite appeared first on SecurityWeek.
25 March 2025
Microsoft has expanded the capabilities of Security Copilot with AI agents tackling data security, phishing, and identity management.
The post Microsoft Adds AI Agents to Security Copilot appeared first on SecurityWeek.
25 March 2025
A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin.
"Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The
25 March 2025
Charm Security has emerged from stealth mode with $8 million in funding for AI-powered scams and social engineering prevention.
The post Charm Security Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek.