Latest Cybersecurity News and Articles


IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking

25 March 2025
Critical remote code execution vulnerabilities found by Wiz researchers in Ingress NGINX Controller for Kubernetes. The post IngressNightmare Flaws Expose Many Kubernetes Clusters to Remote Hacking appeared first on SecurityWeek.

Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps

25 March 2025
Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. .NET

INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust

25 March 2025
Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it

Rooted mobile devices are 250 times more vulnerable

25 March 2025
Although there has been a reduction in rooted and jailbroken devices, these devices are still a security concern for users and enterprises.

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

24 March 2025
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974), assigned a CVSS score of

Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks

24 March 2025
Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to

NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD

24 March 2025
The effects of the backlog are already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek.

Oracle Denies Cloud Breach After Hacker Offers to Sell Data

24 March 2025
Oracle has denied that Cloud systems have been breached after a hacker claimed to have stolen millions of records. The post Oracle Denies Cloud Breach After Hacker Offers to Sell Data appeared first on SecurityWeek.

Russian Firm Offers $4 Million for Telegram Exploits

24 March 2025
A Russian exploit acquisition firm is offering up to $4 million for a full-chain exploit targeting messaging service Telegram. The post Russian Firm Offers $4 Million for Telegram Exploits appeared first on SecurityWeek.

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics

24 March 2025
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said in a report published over the weekend

Webinar Tomorrow: Which Security Testing Approach is Right for You?

24 March 2025
Understand whether BAS, Automated Penetration Testing, or the combined approach of Adversarial Exposure Validation (AEV) aligns best with your organization’s unique security needs. The post Webinar Tomorrow: Which Security Testing Approach is Right for You? appeared first on SecurityWeek.

Pennsylvania State Education Association announces data breach

24 March 2025
The Pennsylvania State Education Association announced a data breach impacting the private personal information of 501,183 education professionals.

US Lifts Sanctions Against Crypto Mixer Tornado Cash

24 March 2025
The US Department of the Treasury has removed sanctions against the fully decentralized cryptocurrency mixer service Tornado Cash. The post US Lifts Sanctions Against Crypto Mixer Tornado Cash appeared first on SecurityWeek.

FCC Probes Whether Banned Chinese Telecom Providers Still Operating in US

24 March 2025
The FCC is investigating whether Chinese firms such as Huawei, ZTE and China Telecom are still operating in the US. The post FCC Probes Whether Banned Chinese Telecom Providers Still Operating in US appeared first on SecurityWeek.

82% of all phishing emails utilized AI

24 March 2025
A report found that there has been a 57.9% increase in attacks being sent from compromised accounts getting through traditional detection.

56% of security teams say AI is crucial to daily operations

24 March 2025
A report by Seemplicity found that 86% of security teams are using AI in their security stacks and 56% say AI is now crucial to their daily operations.

Medusa Ransomware Uses Malicious Driver to Disable Security Tools

24 March 2025
The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems. The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools appeared first on SecurityWeek.

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

24 March 2025
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware

24 March 2025
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a

How to Balance Password Security Against User Experience

24 March 2025
If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article