Latest Cybersecurity News and Articles
20 June 2025
Personal data of former and current council workers, including election staff, may have been accessed by hackers.
The post Hackers Access Legacy Systems in Oxford City Council Cyberattack appeared first on SecurityWeek.
19 June 2025
Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.
"Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns," PRODAFT said in a report
19 June 2025
Israel-linked Predatory Sparrow hackers torched more than $90 million at Iran’s largest cryptobank as Israel-Iran cyberwar escalates.
The post Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War appeared first on SecurityWeek.
19 June 2025
Scania, a transport solution organization, has confirmed it faced a cybersecurity incident.
19 June 2025
Scattered Spider, who is believed to be responsible for several cyberattacks against the retail sector in recent months, has apparently shifted targets to the insurance sector.
19 June 2025
Trend Micro and ReversingLabs uncovered over 100 GitHub accounts distributing malware embedded in open source hacking tools.
The post New Campaigns Distribute Malware via Open Source Hacking Tools appeared first on SecurityWeek.
19 June 2025
The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.
Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received a
19 June 2025
DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect test performance.
A detailed analysis of secure vibe coding practices is available here.
TL;DR: Secure
19 June 2025
A ransomware group has claimed the theft of millions of files from procurement service provider Chain IQ and 19 other companies.
The post Chain IQ, UBS Data Stolen in Ransomware Attack appeared first on SecurityWeek.
19 June 2025
After decades of failed attempts to access encrypted communications, governments are shifting from persuasion to coercion—security experts say the risks are too high.
The post Encryption Backdoors: The Security Practitioners’ View appeared first on SecurityWeek.
19 June 2025
Krispy Kreme is sending notifications to thousands of people impacted by the data breach that came to light at the end of 2024.
The post Krispy Kreme Confirms Data Breach After Ransomware Attack appeared first on SecurityWeek.
19 June 2025
Most cyberattacks today don’t start with loud alarms or broken firewalls. They start quietly—inside tools and websites your business already trusts.
It’s called “Living Off Trusted Sites” (LOTS)—and it’s the new favorite strategy of modern attackers. Instead of breaking in, they blend in.
Hackers are using well-known platforms like Google, Microsoft, Dropbox, and Slack as launchpads. They hide
19 June 2025
In a rapidly changing AI environment, CISOs are worried about investing in the wrong solution or simply not investing because they can’t decide what the best option is.
The post Choosing a Clear Direction in the Face of Growing Cybersecurity Demands appeared first on SecurityWeek.
19 June 2025
Cisco has resolved a high-severity vulnerability in Meraki MX and Meraki Z devices. Atlassian pushed patches for multiple third-party dependencies.
The post High-Severity Vulnerabilities Patched by Cisco, Atlassian appeared first on SecurityWeek.
19 June 2025
Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims' emails.
Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen Lab, stating the activity
19 June 2025
A hacker is selling allegedly valuable data stolen from Scania, but the truck maker believes impact is very limited.
The post Swedish Truck Giant Scania Investigating Hack appeared first on SecurityWeek.
19 June 2025
Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook.
"Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post.
Support for passkeys is expected to be available "soon" on Android and iOS mobile devices. The feature is
18 June 2025
Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions.
The vulnerabilities, discovered by Qualys, are listed below -
CVE-2025-6018 - LPE from unprivileged to allow_active in SUSE 15's Pluggable Authentication Modules (PAM)
CVE-2025-6019 - LPE from allow_active to root in
18 June 2025
Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords.
The post Russian Hackers Bypass Gmail MFA with App Specific Password Ruse appeared first on SecurityWeek.
18 June 2025
Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects.
The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek.