Latest Cybersecurity News and Articles
05 September 2025
The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure.
The post North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks appeared first on SecurityWeek.
05 September 2025
Statement from the NCSC regarding the cyber incident affecting Jaguar Land Rover.
05 September 2025
Proofpoint, SpyCloud, Tanium, and Tenable confirmed that hackers accessed information stored in their Salesforce instances.
The post More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach appeared first on SecurityWeek.
05 September 2025
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace.
Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays,
05 September 2025
A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild.
The post Recent SAP S/4HANA Vulnerability Exploited in Attacks appeared first on SecurityWeek.
05 September 2025
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system.
The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as a
04 September 2025
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries.
NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word," S2 Grupo's LAB52 threat intelligence team said. "When such an email is
04 September 2025
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam.
The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS) module
04 September 2025
The Pennsylvania Office of Attorney General was the victim of a ransomware attack.
04 September 2025
Security researchers interested in participating in the 2026 Apple Security Research Device program can apply until October 31.
The post Apple Seeks Researchers for 2026 iPhone Security Program appeared first on SecurityWeek.
04 September 2025
Jaguar Land Rover experienced a cyber incident that has impacted business operations.
04 September 2025
An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution.
The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek.
04 September 2025
Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries.
The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek.
04 September 2025
The Israeli startup’s AI-powered no-code platform helps security teams design and deploy custom apps in minutes—tackling tool sprawl without heavy engineering.
The post Sola Security Raises $35M to Bring No-Code App Building to Cybersecurity Teams appeared first on SecurityWeek.
04 September 2025
SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency.
The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek.
04 September 2025
Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.
The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking.
The approach is designed to
04 September 2025
The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules.
Both companies set advertising cookies on users' browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply with
04 September 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild.
The vulnerabilities in question are listed below -
CVE-2023-50224 (CVSS score: 6.5) - An authentication bypass by spoofing vulnerability
04 September 2025
Wytec’s website was defaced twice by unknown threat actors more than a week ago and it has yet to be brought back online.
The post Wytec Expects Significant Financial Loss Following Website Hack appeared first on SecurityWeek.
04 September 2025
Google has observed ViewState deserialization attacks leveraging a sample machine key exposed in older deployment guides.
The post Hackers Exploit Sitecore Zero-Day for Malware Delivery appeared first on SecurityWeek.