Latest Cybersecurity News and Articles
11 March 2025
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek.
11 March 2025
Cato Networks has analyzed a new IoT botnet named Ballista, which targets TP-Link Archer routers.
The post New Ballista IoT Botnet Linked to Italian Threat Actor appeared first on SecurityWeek.
11 March 2025
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.
11 March 2025
88% of security teams are reaching or exceeding performance goals, even with limited staff and greater workloads.
11 March 2025
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.
"The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis.
"More than 1,600 victims were affected during one of
11 March 2025
The New York Attorney General sued National General and its parent company Allstate over two data breaches.
The post New York Sues Insurance Giant Over Data Breaches appeared first on SecurityWeek.
11 March 2025
SAP released 21 new security notes and updated three security notes on March 2025 security patch day.
The post SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver appeared first on SecurityWeek.
11 March 2025
Edimax is aware that CVE-2025-1316 has been exploited in the wild, but the impacted devices were discontinued over a decade ago.
The post Edimax Says No Patches Coming for Zero-Day Exploited by Botnets appeared first on SecurityWeek.
11 March 2025
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team.
"The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with
11 March 2025
The financing was provided by S Capital and investor Mike Moritz, S32, Glilot Capital Partners, and several angel investors.
The post Sola Security Deposits Hefty $30M Seed Funding appeared first on SecurityWeek.
11 March 2025
South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign.
The post 1,600 Victims Hit by South American APT’s Malware appeared first on SecurityWeek.
11 March 2025
CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog.
The post CISA Warns of Ivanti EPM Vulnerability Exploitation appeared first on SecurityWeek.
11 March 2025
Information is coming to light on the cyberattack that caused X outages, but it should be taken with a pinch of salt.
The post Hackers Take Credit for X Cyberattack appeared first on SecurityWeek.
11 March 2025
In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned, “Strategy without tactics is
11 March 2025
Governance, risk and compliance (GRC) leaders shared top priorities in a recent MetricStream report.
11 March 2025
Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike.
No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace.
This is steganography, a cybercriminal’s secret weapon for
11 March 2025
Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder.
The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy
11 March 2025
Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees.
The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0.
"Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their
11 March 2025
Cybersecurity leaders discuss the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025.
10 March 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The list of vulnerabilities is as follows -
CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore