Latest Cybersecurity News and Articles
27 February 2025
XSS vulnerability allowed a threat actor to redirect users to arbitrary domains.
The post Sites of Major Orgs Abused in Spam Campaign Exploiting Virtual Tour Software Flaw appeared first on SecurityWeek.
27 February 2025
Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce.
The “Enterprise GenAI Data Security Report 2025” by LayerX delivers unprecedented insights
27 February 2025
Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting.
"The modifications seen in the TgToxic payloads reflect the actors' ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the
27 February 2025
A recent Dragos cybersecurity report analyzed two new OT cyber threat groups and ransomware activity.
27 February 2025
Cisco has patched command injection and DoS vulnerabilities affecting some of its Nexus switches, including a high-severity flaw.
The post Cisco Patches Vulnerabilities in Nexus Switches appeared first on SecurityWeek.
27 February 2025
Let’s examine, through the lens of some historic breaches, the five most common mistakes that still serve as a catalyst to compromise.
The post Failure, Rinse, Repeat: Why do Both History and Security Seem Doomed to Repeat Themselves? appeared first on SecurityWeek.
27 February 2025
The FBI has attributed the Bybit hack to a North Korean group named TraderTraitor as more technical details of the attack have come to light.
The post FBI Says North Korea Hacked Bybit as Details of $1.5B Heist Emerge appeared first on SecurityWeek.
27 February 2025
Security leaders discuss the coordinated botnet campaign against Microsoft 365 accounts.
27 February 2025
A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023.
French cybersecurity company Sekoia said it observed the unknown threat actors leveraging CVE-2023-20118 (CVSS score: 6.5), a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and
27 February 2025
The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus."
The agency said the Democratic People's Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster
26 February 2025
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.
26 February 2025
A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale.
Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,
26 February 2025
Threat Intelligence firm Kela warns of a new ransomware group called Anubis operating as a RaaS service with an extensive array of options for affiliates.
The post New Anubis Ransomware Could Pose Major Threat to Organizations appeared first on SecurityWeek.
26 February 2025
API security challenges are ongoing, with 99% reporting API security issues in the past 12 months.
26 February 2025
More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members.
The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an
26 February 2025
Richard Bird has been appointed CSO at Singulr AI. Bird will play a critical role in helping develop practices that keep pace with emerging threats.
26 February 2025
New Linux malware named Auto-Color, which allows full remote access to compromised devices, targets North America and Asia.
The post New ‘Auto-Color’ Linux Malware Targets North America, Asia appeared first on SecurityWeek.
26 February 2025
SecurityWeek's 2025 Ransomware Resilience & Recovery Summit takes place today, February 26th, as a fully immersive virtual event.
The post Virtual Event Today: Ransomware Resilience & Recovery Summit appeared first on SecurityWeek.
26 February 2025
The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects.
The post OpenSSF Releases Security Baseline for Open Source Projects appeared first on SecurityWeek.
26 February 2025
Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it’s clear this isn’t just a human problem—it’s a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution. Many refer to it as SOC 3.0—an