Latest Cybersecurity News and Articles


China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain

05 March 2025
Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks. The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain appeared first on SecurityWeek.

China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

05 March 2025
The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking

Bay Cove Human Services suffers data breach

05 March 2025
Bay Cove Human Services has provided notice of a data breach that may have affected personal and/or protected health information.

Defending against USB drive attacks with Wazuh

05 March 2025
USB drive attacks constitute a significant cybersecurity risk, taking advantage of the everyday use of USB devices to deliver malware and circumvent traditional network security measures. These attacks lead to data breaches, financial losses, and operational disruptions, with lasting impacts on an organization's reputation. An example is the Stuxnet worm discovered in 2010, a malware designed to

Iranian Hackers Target UAE Firms With Polyglot Files

05 March 2025
An Iranian threat actor was seen targeting UAE organizations with polyglot files to deliver a new backdoor named Sosano. The post Iranian Hackers Target UAE Firms With Polyglot Files appeared first on SecurityWeek.

Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America

05 March 2025
The threat actor known as Dark Caracal has been attributed to a campaign that deployed a remote access trojan called Poco RAT in attacks targeting Spanish-speaking targets in Latin America in 2024. The findings come from Russian cybersecurity company Positive Technologies, which described the malware as loaded with a "full suite of espionage features." "It could upload files, capture screenshots

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

05 March 2025
Google has announced the rollout of artificial intelligence (AI)-powered scam detection features to secure Android device users and their personal information. "These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations," Google said. "And more phone calling scammers are using spoofing techniques to hide their real

North Korean Fake IT Workers Pose as Blockchain Developers on GitHub

05 March 2025
North Korean fake IT workers are creating personas on GitHub to land blockchain developer jobs at US and Japanese firms. The post North Korean Fake IT Workers Pose as Blockchain Developers on GitHub appeared first on SecurityWeek.

Two Venezuelans Arrested in US for ATM Jackpotting

05 March 2025
Several Venezuelans have been arrested and charged in the US in recent months for their role in ATM jackpotting schemes. The post Two Venezuelans Arrested in US for ATM Jackpotting appeared first on SecurityWeek.

Ransomware Group Claims Attack on Tata Technologies

05 March 2025
Notorious ransomware group Hunters International threatens to leak 1.4 TB of data allegedly stolen from Tata Technologies. The post Ransomware Group Claims Attack on Tata Technologies appeared first on SecurityWeek.

Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities

05 March 2025
Chrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities. The post Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

05 March 2025
The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. "Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and developing

Identity: The New Cybersecurity Battleground

05 March 2025
The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity—the gateway to enterprise security and the number one attack vector

Knostic Secures $11 Million to Rein in Enterprise AI Data Leakage, Oversharing 

05 March 2025
Knostic provides a “need-to-know” filter on the answers generated by enterprise large language model (LLM) tools. The post Knostic Secures $11 Million to Rein in Enterprise AI Data Leakage, Oversharing appeared first on SecurityWeek.

US Sanctions Iranian Administrator of Nemesis Darknet Marketplace

05 March 2025
Iranian national Behrouz Parsarad sanctioned for running Nemesis, a marketplace used for narcotics trafficking and cybercrime. The post US Sanctions Iranian Administrator of Nemesis Darknet Marketplace appeared first on SecurityWeek.

New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices

05 March 2025
The Eleven11bot botnet has been described as one of the largest known DDoS botnets observed in recent years. The post New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices appeared first on SecurityWeek.

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

05 March 2025
Cybersecurity researchers are alerting to an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers

Cyber operations against Russia halted, cyber leaders remain alert

05 March 2025
How will organizations be impacted by the order to halt cyber operations against Russia? Cybersecurity leaders share their thoughts. 

Organizations Still Not Patching OT Due to Disruption Concerns: Survey

05 March 2025
Cyber-physical systems security company TXOne Networks has published its 2024 Annual OT/ICS Cybersecurity Report. The post Organizations Still Not Patching OT Due to Disruption Concerns: Survey appeared first on SecurityWeek.

ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report

04 March 2025
The SANS Institute and OPSWAT have published their 2025 ICS/OT Cybersecurity Budget Report. The post ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report appeared first on SecurityWeek.