Latest Cybersecurity News and Articles
17 July 2025
Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges.
Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was patched
16 July 2025
More than 1,000 suspects were arrested in raids in at least five provinces between Monday and Wednesday, according to Information Minister Neth Pheaktra and police.
The post Cambodia Makes 1,000 Arrests in Latest Crackdown on Cybercrime appeared first on SecurityWeek.
16 July 2025
Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection.
Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware.
First advertised in February 2021 on
16 July 2025
Codenamed Eastwood, the operation targeted the so-called NoName057(16) group, which was identified as being behind a series of DDoS attacks on municipalities and organizations linked to a NATO summit.
The post Europol-Coordinated Global Operation Takes Down Pro-Russian Cybercrime Network appeared first on SecurityWeek.
16 July 2025
75% of organizations have building management systems with known exploited vulnerabilities.
16 July 2025
Cyberattack disrupted UNFI’s operations in June; company estimates $50–$60 million net income hit but anticipates insurance will cover most losses.
The post United Natural Foods Projects Up to $400M Sales Hit from June Cyberattack appeared first on SecurityWeek.
16 July 2025
A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP.
The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a group it tracks as UNC6148.
The tech giant assessed with
16 July 2025
A threat actor that may be financially motivated is targeting SonicWall devices with a backdoor and user-mode rootkit.
The post SonicWall SMA Appliances Targeted With New ‘Overstep’ Malware appeared first on SecurityWeek.
16 July 2025
Compumedics has been targeted by the VanHelsing ransomware group, which stole files from the company’s systems.
The post Compumedics Ransomware Attack Led to Data Breach Impacting 318,000 appeared first on SecurityWeek.
16 July 2025
iCOUNTER, which helps organizations defend against targeted attacks, has launched under the helm of former Mandiant president and COO John Watters.
The post Cyber Intelligence Firm iCOUNTER Emerges From Stealth With $30 Million in Funding appeared first on SecurityWeek.
16 July 2025
A majority of large organizations are not prepared to protect against the increasing AI threat.
16 July 2025
Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025.
"The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely," Semperis said in a report shared with
16 July 2025
Google refused to share any details on how its Big Sleep AI foiled efforts to exploit a SQLite vulnerability in the wild.
The post Google Says AI Agent Thwarted Exploitation of Critical Vulnerability appeared first on SecurityWeek.
16 July 2025
The AI gold rush is on. But without identity-first security, every deployment becomes an open door. Most organizations secure native AI like a web app, but it behaves more like a junior employee with root access and no manager.
From Hype to High Stakes
Generative AI has moved beyond the hype cycle. Enterprises are:
Deploying LLM copilots to accelerate software development
Automating customer
16 July 2025
Chinese hacking group Salt Typhoon targeted a National Guard unit’s network and tapped into communications with other units.
The post China’s Salt Typhoon Hacked US National Guard appeared first on SecurityWeek.
16 July 2025
Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud.
The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign "decoy" app that's hosted on the Google Play Store and its evil twin, which is
16 July 2025
Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild.
The high-severity vulnerability in question is CVE-2025-6558 (CVSS score: 8.8), which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components.
"Insufficient validation of untrusted input in ANGLE and
16 July 2025
Social engineering attacks have entered a new era—and they’re coming fast, smart, and deeply personalized.
It’s no longer just suspicious emails in your spam folder. Today’s attackers use generative AI, stolen branding assets, and deepfake tools to mimic your executives, hijack your social channels, and create convincing fakes of your website, emails, and even voice. They don’t just spoof—they
16 July 2025
Cameron John Wagenius pleaded guilty to charges related to hacking into US telecommunications companies.
The post Former US Soldier Who Hacked AT&T and Verizon Pleads Guilty appeared first on SecurityWeek.
16 July 2025
Italian company Exein has raised €70 million (~$81 million) in a Series C funding round led by Balderton.
The post IoT Security Firm Exein Raises $81 Million appeared first on SecurityWeek.