Latest Cybersecurity News and Articles
25 June 2025
Rapid7 has found several serious vulnerabilities affecting over 700 printer models from Brother and other vendors.
The post New Vulnerabilities Expose Millions of Brother Printers to Hacking appeared first on SecurityWeek.
25 June 2025
Strong security doesn’t just rely on tools—it starts with trust, clarity, and sincerity from the top down.
The post Why Sincerity Is a Strategic Asset in Cybersecurity appeared first on SecurityWeek.
25 June 2025
Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah.
Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation "carried out by Iran and its proxies."
"The actors
25 June 2025
A high-severity vulnerability in GitHub Enterprise Server could have allowed remote attackers to execute arbitrary code.
The post Code Execution Vulnerability Patched in GitHub Enterprise Server appeared first on SecurityWeek.
25 June 2025
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.
A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.
All the guest user needs are the permissions to create subscriptions in
25 June 2025
Chrome 138 and Firefox 140 are rolling out with fixes for two dozen vulnerabilities, including high-severity memory safety issues.
The post Chrome 138, Firefox 140 Patch Multiple Vulnerabilities appeared first on SecurityWeek.
25 June 2025
Mainline Health and Select Medical Holdings have suffered data breaches that affect more than 100,000 individuals.
The post Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People appeared first on SecurityWeek.
25 June 2025
Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it.
"NetExtender enables remote users to securely connect and run applications on the company network," SonicWall researcher Sravan Ganachari said. "Users can upload and download files, access network drives, and use
25 June 2025
Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea.
According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the JavaScript
25 June 2025
Russia-linked APT28 deployed new malware against Ukrainian government targets through malicious documents sent via Signal chats.
The post Russian APT Hits Ukrainian Government With New Malware via Signal appeared first on SecurityWeek.
25 June 2025
Microsoft on Tuesday announced that it's extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud.
The development comes ahead of the tech giant's upcoming October 14, 2025, deadline, when it plans to officially end support and stop providing security updates for devices running Windows 10. The
24 June 2025
The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public.
The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said every visa application review is a "national security decision."
"Effective immediately, all individuals applying for an
24 June 2025
Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets.
The methods take advantage of the design of various common mining topologies in order to shut down the mining process, Akamai said in a new report published today.
"We developed two techniques by leveraging the mining topologies and pool policies that enable us to reduce a
24 June 2025
Siemens is working with Microsoft to address a Defender Antivirus problem that can lead to no malware alerts or plant disruptions.
The post Siemens Notifies Customers of Microsoft Defender Antivirus Issue appeared first on SecurityWeek.
24 June 2025
Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials.
Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page -
Those that save collected data to a local file
24 June 2025
Aflac discovered suspicious activity on its United States network.
24 June 2025
I had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn’t have asked for a better kickoff panel: three cybersecurity leaders who don’t just talk security, they live it.
Let me introduce them.
Alex Delay, CISO at IDB Bank, knows what it means to defend a highly regulated environment. Ben Mead, Director of Cybersecurity at Avidity
24 June 2025
The future of secure digital engagement depends on continuous identity verification and proofing that can scale with risk.
The post Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives appeared first on SecurityWeek.
24 June 2025
Palo Alto Networks has observed a spike in Prometei activity since March 2025, pointing to a resurgence of the botnet.
The post Prometei Botnet Activity Spikes appeared first on SecurityWeek.
24 June 2025
Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments.
"Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activities while deploying crypto miners," Trend Micro researchers Sunil Bharti and Shubham Singh said in an