Latest Cybersecurity News and Articles
19 March 2025
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small
19 March 2025
Microsoft has shared details on StilachiRAT, an evasive and persistent piece of malware that facilitates sensitive data theft.
The post Microsoft Warns of New StilachiRAT Malware appeared first on SecurityWeek.
19 March 2025
Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems.
"These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially
19 March 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog.
The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote
18 March 2025
Printers can sit in the corner for ten years or more, while quantum decryption is thought by many to be less than 10 years away.
The post HP Launches Printers with Quantum Resilient Cryptography appeared first on SecurityWeek.
18 March 2025
AI and other technologies “are a catalyst for crime, and drive criminal operations’ efficiency by amplifying their speed, reach, and sophistication,” the report said.
The post AI Is Turbocharging Organized Crime, EU Police Agency Warns appeared first on SecurityWeek.
18 March 2025
A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks.
The post Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover appeared first on SecurityWeek.
18 March 2025
Google has integrated OSV-SCALIBR features into OSV-Scanner, its free vulnerability scanner for open source developers.
The post Google Releases Major Update for Open Source Vulnerability Scanner appeared first on SecurityWeek.
18 March 2025
With the rise of AI, the potential for monetary losses during March Madness is increased.
18 March 2025
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code.
"This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent
18 March 2025
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.
The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden
18 March 2025
Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion.
"This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today.
It added the acquisition, which is
18 March 2025
ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands.
The post 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft appeared first on SecurityWeek.
18 March 2025
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions.
The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity.
"A local or remote attacker can exploit the vulnerability by accessing the
18 March 2025
Google has confirmed reports that it’s buying cloud security giant Wiz and says it’s prepared to pay $32 billion in cash.
The post Google to Acquire Cloud Security Giant Wiz for $32 Billion in Cash appeared first on SecurityWeek.
18 March 2025
Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks.
"The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with
18 March 2025
Exploit and vulnerability intelligence provider VulnCheck has raised $12 million in a Series A funding round.
The post VulnCheck Raises $12 Million for Vulnerability Intelligence Platform appeared first on SecurityWeek.
18 March 2025
Cloudflare launches Cloudforce Threat Events Feed, a service designed to provide security teams with real-time threat intelligence.
The post New Cloudflare Service Provides Real-Time Threat Intelligence appeared first on SecurityWeek.
18 March 2025
A report found that the top predicted threat for 2025 is ransomware.
18 March 2025
The personal information of 22,000 Western Alliance Bank customers was stolen in a data breach linked to Cl0p’s hacking of the Cleo file transfer tool.
The post Western Alliance Bank Discloses Data Breach Linked to Cleo Hack appeared first on SecurityWeek.