Latest Cybersecurity News and Articles
16 July 2025
Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild.
The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an
16 July 2025
Google has released a Chrome 138 security update that patches a zero-day, the fifth resolved in the browser this year.
The post Chrome Update Patches Fifth Zero-Day of 2025 appeared first on SecurityWeek.
15 July 2025
Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter.
"Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," Omer Yoachimik and Jorge Pacheco said. "Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71
15 July 2025
Cybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025.
GLOBAL GROUP was "promoted on the Ramp4u forum by the threat actor known as '$$$,'" EclecticIQ researcher Arda Büyükkaya said. "The same actor controls
15 July 2025
Virtual event brings together leading experts, practitioners, and innovators for a full day of insightful discussions and tactical guidance on evolving threats and real-world defense strategies in cloud security.
The post Virtual Event Preview: Cloud & Data Security Summit – Tackling Exposed Attack Surfaces in the Cloud appeared first on SecurityWeek.
15 July 2025
KnowBe4 released its new report highlighting cybersecurity challenges facing the manufacturing industry.
15 July 2025
Obfuscated JavaScript code is embedded within SVG files for browser-native redirection to malicious pages.
The post Threat Actors Use SVG Smuggling for Browser-Native Redirection appeared first on SecurityWeek.
15 July 2025
Cloudflare has published its quarterly DDoS threat report for Q2 2025 and the company says it has blocked millions of attacks.
The post DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total appeared first on SecurityWeek.
15 July 2025
Pennsylvania-based Century Support Services is disclosing a data breach after its systems were hacked in November 2024.
The post Data Breach at Debt Settlement Firm Impacts 160,000 People appeared first on SecurityWeek.
15 July 2025
A new report reveals new artifacts associated with ZuRu, an Apple macOS malware.
15 July 2025
Governmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon.
The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-1020, where "CL" stands for "cluster" and "STA" refers to "state-backed motivation."
"The threat actors behind this
15 July 2025
AI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. These “invisible” non-human identities (NHIs) now outnumber human accounts in most cloud environments, and they have
15 July 2025
Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants.
"AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of forks and variants," ESET
15 July 2025
Zip Security’s Series A funding round led by Ballistic Ventures will help the company grow its engineering and go-to-market teams.
The post Zip Security Raises $13.5 Million in Series A Funding appeared first on SecurityWeek.
15 July 2025
DragonForce says it stole more than 150 gigabytes of data from US department store chain Belk in a May cyberattack.
The post Ransomware Group Claims Attack on Belk appeared first on SecurityWeek.
15 July 2025
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks.
The packages, per Socket, have attracted more than 17,000 downloads, and incorporate a previously undocumented version of a malware
15 July 2025
The MITRE AADAPT framework provides documentation for identifying, investigating, and responding to weaknesses in digital asset payments.
The post MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats appeared first on SecurityWeek.
15 July 2025
The account was compromised over the weekend and Elmo’s 650,000 followers were given antisemitic threats and a reference to the Jeffrey Epstein investigation.
The post Sesame Workshop Regains Control of Elmo’s Hacked X Account After Racist Posts appeared first on SecurityWeek.
14 July 2025
Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.
14 July 2025
While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems
Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping