Latest Cybersecurity News and Articles
24 June 2025
A Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure.
The post Chinese APT Hacking Routers to Build Espionage Infrastructure appeared first on SecurityWeek.
24 June 2025
Newly discovered spyware has sneaked into Apple’s App Store and Google Play to steal images from users’ mobile devices.
The post Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play appeared first on SecurityWeek.
24 June 2025
The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns.
The development was first reported by Axios.
The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app's security.
"The Office of Cybersecurity has deemed WhatsApp a high-risk to users
24 June 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT.
BEARDSHELL, per CERT-UA, is written in C++ and offers the ability to download and execute PowerShell scripts, as well as upload the results of the
24 June 2025
Tech support scammers are using sponsored ads and search parameter injection to trick users into calling them.
The post Apple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support Scams appeared first on SecurityWeek.
23 June 2025
The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign.
The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0) to access configuration
23 June 2025
North Korean hackers employ social engineering to trick Zoom Meeting participants into executing system-takeover commands.
The post North Korean Hackers Take Over Victims’ Systems Using Zoom Meeting appeared first on SecurityWeek.
23 June 2025
A record-breaking data breach occurred, involving the exposure of 16 billion login credentials.
23 June 2025
Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models (LLMs) into generating undesirable responses, irrespective of the safeguards put in place.
"Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirect references, semantic
23 June 2025
The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025.
Stating that the ongoing conflict has created a "heightened threat environment" in the country, the Department of Homeland Security (DHS) said in a bulletin that cyber actors are likely to
23 June 2025
Canada’s Centre for Cyber Security and the FBI warn of Chinese hackers targeting telecommunications and other companies in Canada.
The post China’s Salt Typhoon Hackers Target Canadian Telecom Firms appeared first on SecurityWeek.
23 June 2025
New "Echo Chamber" attack bypasses advanced LLM safeguards by subtly manipulating conversational context, proving highly effective across leading AI models.
The post New AI Jailbreak Bypasses Guardrails With Ease appeared first on SecurityWeek.
23 June 2025
Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in March 2025.
The attack chains are said to have leveraged a collection of Windows shortcut (LNK) files as part of a multi-stage procedure to deploy the malware, French cybersecurity company HarfangLab said.
XDSpy is the name assigned to a cyber
23 June 2025
The time frame between the breach and the notice of affected individuals has some cyber experts concerned.
23 June 2025
Radware's recent ecommerce report found that automated bots accounted for 57% of e-commerce website traffic during the 2024 holiday season.
23 June 2025
A critical-severity vulnerability in Teleport could allow remote attackers to bypass SSH authentication and access managed systems.
The post Critical Authentication Bypass Flaw Patched in Teleport appeared first on SecurityWeek.
23 June 2025
The personal information of 743,000 individuals was compromised in a 2024 ransomware attack on McLaren Health Care.
The post 743,000 Impacted by McLaren Health Care Data Breach appeared first on SecurityWeek.
23 June 2025
It sure is a hard time to be a SOC analyst.
Every day, they are expected to solve high-consequence problems with half the data and twice the pressure. Analysts are overwhelmed—not just by threats, but by the systems and processes in place that are meant to help them respond. Tooling is fragmented. Workflows are heavy. Context lives in five places, and alerts never slow down. What started as a
23 June 2025
Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems.
"Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections
23 June 2025
Iranian hackers are expected to intensify cyberattacks against the US after the recent air strikes on Iran’s nuclear sites.
The post US Braces for Cyberattacks After Joining Israel-Iran War appeared first on SecurityWeek.