Latest Cybersecurity News and Articles
09 September 2025
Attaullah Baig has filed a lawsuit against Meta and its executives, accusing them of retaliation over critical cybersecurity failures.
The post Ex-WhatsApp Security Chief Sues Meta Over Vulnerabilities, Retaliation appeared first on SecurityWeek.
09 September 2025
In May 2024, hackers stole names, Social Security numbers, financial information, and protected health information from the hospital’s systems.
The post 160,000 Impacted by Wayne Memorial Hospital Data Breach appeared first on SecurityWeek.
09 September 2025
A new Android malware called RatOn evolved from a basic tool capable of conducting Near Field Communication (NFC) attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud.
"RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality – making it a uniquely powerful threat," the Dutch mobile
09 September 2025
The attacker deployed multiple malware families, including two backdoors and a proxy tunneller, and various reconnaissance tools.
The post Threat Actor Connected to Play, RansomHub and DragonForce Ransomware Operations appeared first on SecurityWeek.
09 September 2025
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT.
The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said.
"
09 September 2025
The industrial cybersecurity firm will become a wholly owned subsidiary of Mitsubishi Electric.
The post Mitsubishi Electric to Acquire Nozomi Networks for Nearly $1 Billion appeared first on SecurityWeek.
09 September 2025
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs.
Akamai, which discovered the latest activity last month, said it's designed to block other actors from accessing the Docker API from the internet.
The findings build on a prior report from Trend Micro in late June 2025, which
09 September 2025
⚠️ One click is all it takes.
An engineer spins up an “experimental” AI Agent to test a workflow. A business unit connects to automate reporting. A cloud platform quietly enables a new agent behind the scenes.
Individually, they look harmless. But together, they form an invisible swarm of Shadow AI Agents—operating outside security’s line of sight, tied to identities you don’t even know exist.
09 September 2025
Hackers accessed emails, usernames, password hashes, and authentication data stored in a Plex database.
The post Plex Urges Password Resets Following Data Breach appeared first on SecurityWeek.
09 September 2025
It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized.
If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they're framed in a way the board can understand and appreciate.
09 September 2025
SentinelOne is buying Observo AI for a combination of cash and stock to boost its SIEM and data offerings.
The post SentinelOne to Acquire Observo AI in $225 Million Deal appeared first on SecurityWeek.
09 September 2025
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack.
The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm ("support@npmjs[.]help"), urging them to update their update their two-factor authentication (2FA) credentials before September 10, 2025, by clicking on
09 September 2025
Generative AI creates increasingly complicated threats for organizations.
09 September 2025
Q1 2025 saw nearly a 200% increase in malware detections.
08 September 2025
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841.
"The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming that the 2024 Salt Typhoon attacks were not the first activity carried out by this group," Silent Push
08 September 2025
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.
08 September 2025
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account.
Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. So far, 22 companies have confirmed they were impacted by a supply chain breach.
"With
08 September 2025
China’s APT41 sent out malicious emails on behalf of Rep. John Moolenaar to collect information ahead of US-China trade talks.
The post Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report appeared first on SecurityWeek.
08 September 2025
Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver malware to unsuspecting users looking for popular tools like GitHub Desktop.
While malvertising campaigns have become commonplace in recent years, the latest activity gives it a little twist of its own: Embedding a GitHub commit into a page URL containing
08 September 2025
PromptLock is only a prototype of LLM-orchestrated ransomware, but hackers already use AI in file encryption and extortion attacks.
The post PromptLock Only PoC, but AI-Powered Ransomware Is Real appeared first on SecurityWeek.