Latest Cybersecurity News and Articles
19 February 2025
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0
It has been described as a case of improper privilege management that could
19 February 2025
Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below -
CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability
"
19 February 2025
Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts.
"The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple
19 February 2025
The NCSC is responding to further ransomware attacks on the education sector by cyber criminals.
19 February 2025
Phishing is the preferred technique among threat actors, according to a new report.
19 February 2025
The Sandworm actor has replaced the exposed VPNFilter malware with a new more advanced framework.
19 February 2025
GCHQ and the NCSC reflect on the passing of HRH The Duke of Edinburgh
19 February 2025
Organizations adopting the transformative nature of agentic AI are urged to take heed of prompt engineering tactics being practiced by threat actors.
The post How Hackers Manipulate Agentic AI with Prompt Engineering appeared first on SecurityWeek.
19 February 2025
SecurityWeek speaks with Kevin Winter, Global CISO at Deloitte, and Richard Marcus, CISO at AuditBoard.
The post CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard appeared first on SecurityWeek.
19 February 2025
Blockaid raises $50 million in Series B funding to scale operations to meet demand for its blockchain application security platform.
The post Blockaid Raises $50 Million to Secure Blockchain Applications appeared first on SecurityWeek.
19 February 2025
The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction.
The post OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks appeared first on SecurityWeek.
19 February 2025
Venture capital firm Insight Partners has been targeted in a cyberattack that involved unauthorized access to its information systems.
The post VC Company Insight Partners Hacked appeared first on SecurityWeek.
19 February 2025
A CDG report found that 92% of IT professionals stated they had some degree of confidence in their ability to meet compliance requirements.
19 February 2025
Active infostealer infections have been found within U.S. agencies and defense contractors.
19 February 2025
Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox security updates.
The post Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
19 February 2025
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain.
Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year.
"Typically delivered through phishing emails containing malicious attachments or links,
19 February 2025
A recently identified macOS infostealer named FrigidStealer has been distributed through a compromised website, as a fake browser update.
The post New FrigidStealer macOS Malware Distributed as Fake Browser Update appeared first on SecurityWeek.
19 February 2025
Admeritia has launched Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity.
The post Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions appeared first on SecurityWeek.
19 February 2025
Lee Enterprises has shared more details on the recent cyberattack, saying the attackers encrypted and stole files.
The post Lee Enterprises Newspaper Disruptions Caused by Ransomware appeared first on SecurityWeek.
19 February 2025
The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire.
However, transitioning to vCISO services is not without its challenges