Latest Cybersecurity News and Articles
04 September 2025
Elevation of privilege flaws in Android Runtime (CVE-2025-48543) and Linux kernel (CVE-2025-38352) have been exploited in targeted attacks.
The post Two Exploited Vulnerabilities Patched in Android appeared first on SecurityWeek.
04 September 2025
A database, in apparent association with the Navy Federal Credit Union, exposed 378 GB of information.
03 September 2025
Co-founded by former MITRE experts, the startup will use the funding to accelerate product innovation and fuel company growth.
The post Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform appeared first on SecurityWeek.
03 September 2025
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.
"The two npm packages abused smart contracts to conceal malicious
03 September 2025
Flaw allows attackers to reset and hijack TP-Link TL-WA855RE devices; CISA urges users to retire discontinued extenders.
The post US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack appeared first on SecurityWeek.
03 September 2025
Chrome's latest release addresses a high-severity use-after-free vulnerability in the V8 JavaScript engine that could be exploited for remote code execution.
The post Google Patches High-Severity Chrome Vulnerability in Latest Update appeared first on SecurityWeek.
03 September 2025
Founded in 2022 to help organizations with the secure deployment of generative-AI utilities, Aim emerged from stealth in January 2024.
The post Cato Networks Acquires AI Security Firm Aim Security appeared first on SecurityWeek.
03 September 2025
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws.
HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,
03 September 2025
Known for her seminal book, A Hacker Manifesto, Wark reframes hacking as a cultural force rooted in play, creativity, and human nature.
The post Hacker Conversations: McKenzie Wark, Author of A Hacker Manifesto appeared first on SecurityWeek.
03 September 2025
A study dives into the data collected by wearable devices to better understand how it is being used.
03 September 2025
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk.
According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access
03 September 2025
Attack disrupted email, phones, and websites for weeks, but officials say no ransom was paid.
The post Pennsylvania Attorney General Confirms Ransomware Behind Weeks-Long Outage appeared first on SecurityWeek.
03 September 2025
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.
The vulnerabilities are listed below -
CVE-2025-38352 (CVSS score: 7.4) - A privilege escalation flaw in the Linux Kernel component
CVE-2025-48543 (CVSS score: N/A) - A
03 September 2025
An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.
The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice.
"Emails were sent to
03 September 2025
The automotive company said it disconnected its systems, which severely impacted both retail and manufacturing operations.
The post Jaguar Land Rover Operations ‘Severely Disrupted’ by Cyberattack appeared first on SecurityWeek.
03 September 2025
Hackers accessed customer contact information and case data from Salesforce instances at Cloudflare, Palo Alto Networks, and Zscaler.
The post Security Firms Hit by Salesforce–Salesloft Drift Breach appeared first on SecurityWeek.
03 September 2025
Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps).
"Over the past few weeks, we've autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps," the web infrastructure and security company said in a post on X. "
03 September 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Range Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain
02 September 2025
Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication tokens.
"This will provide the fastest path forward to comprehensively review the application and build
02 September 2025
Tracked as CVE-2025-57819 (CVSS score of 10/10), the bug is described as insufficient sanitization of user-supplied data.
The post Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers appeared first on SecurityWeek.