Latest Cybersecurity News and Articles
01 October 2025
NIST Special Publication 1334 focuses on reducing cybersecurity risks associated with the use of removable media devices in OT environments.
The post NIST Publishes Guide for Protecting ICS Against USB-Borne Threats appeared first on SecurityWeek.
01 October 2025
Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022.
French cybersecurity company SEKOIA said the attackers are exploiting the cellular router's API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy,
01 October 2025
Bitdefender’s 2025 Cybersecurity Assessment Report paints a sobering picture of today’s cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface.
The annual research combines insights from over 1,200 IT and security professionals across six countries, along with an
01 October 2025
The identity and access management provider will invest in agentic identity R&D, expand to new regions, and hire new talent.
The post Descope Raises $35 Million in Seed Round Extension appeared first on SecurityWeek.
01 October 2025
This year’s theme focuses on government entities and small and medium-sized businesses that are vital to protecting the systems and services that keep our communities running.
The post Cybersecurity Awareness Month 2025: Prioritizing Identity to Safeguard Critical Infrastructure appeared first on SecurityWeek.
01 October 2025
Impacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM.
The post Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability appeared first on SecurityWeek.
01 October 2025
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy.
Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of infected devices and
01 October 2025
While improving cybersecurity is a year-round initiative, this month serves as an excellent opportunity for organizations to reorient their security priorities.
01 October 2025
Intel and AMD say the research is not in scope of their threat model because the attack requires physical access to a device.
The post Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device appeared first on SecurityWeek.
01 October 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT.
The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotted the attack following the discovery of software tools taking the form of XLL files, which refer to Microsoft Excel
30 September 2025
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors.
"We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid
30 September 2025
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years.
"Phantom Taurus' main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations," Palo Alto Networks Unit 42
30 September 2025
This online event is expected to attract more than 2,500 attendee registrations from around the world.
The post Call for Presentations Open for 2025 CISO Forum Virtual Summit appeared first on SecurityWeek.
30 September 2025
Researchers found more methods for tricking an AI assistant into aiding sensitive data theft.
The post Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results appeared first on SecurityWeek.
30 September 2025
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft.
"They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud
30 September 2025
Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake.
In addition, the tech giant said it's also releasing a public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server.
"With graph-based context, semantic access, and agentic
30 September 2025
Mondoo has raised more than $32 million in total, with the latest funding round led by HV Capital.
The post Mondoo Raises $17.5 Million for Vulnerability Management Platform appeared first on SecurityWeek.
30 September 2025
Flynn has been DeepMind’s VP of security since May 2024. Before then he had been a CISO with Amazon, CISO at Uber, and director of information security at Facebook.
The post CISO Conversations: John ‘Four’ Flynn, VP of Security at Google DeepMind appeared first on SecurityWeek.
30 September 2025
Agencies in several countries have created guidance titled ‘Creating and Maintaining a Definitive View of Your OT Architecture’.
The post New Guidance Calls on OT Operators to Create Continually Updated System Inventory appeared first on SecurityWeek.
30 September 2025
The Transparency in Frontier Artificial Intelligence Act (TFAIA) requires AI companies to implement and disclose publicly safety protocols to prevent their most advanced models from being used to cause major harm.
The post California Gov. Gavin Newsom Signs Bill Creating AI Safety Measures appeared first on SecurityWeek.