Latest Cybersecurity News and Articles
Recent Langflow Vulnerability Exploited by Flodrix Botnet
17 June 2025
A critical Langflow vulnerability tracked as CVE-2025-3248 has been exploited to ensnare devices in the Flodrix botnet.
The post Recent Langflow Vulnerability Exploited by Flodrix Botnet appeared first on SecurityWeek.
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
17 June 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
17 June 2025
Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind."
The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are "rolling out gradually," per the company.
The media
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
16 June 2025
The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea.
"For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S.
Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report
16 June 2025
According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market.
The post Google’s $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report appeared first on SecurityWeek.
Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment
16 June 2025
An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat."
"The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible even if the ransom is paid," Trend Micro researchers Maristel Policarpio, Sarah Pearl Camiling, and
Archetyp Dark Web Market Shut Down by Law Enforcement
16 June 2025
The Archetyp Market drug marketplace has been targeted by law enforcement in an operation involving takedowns and arrests.
The post Archetyp Dark Web Market Shut Down by Law Enforcement appeared first on SecurityWeek.
Asheville Eye Associates Says 147,000 Impacted by Data Breach
16 June 2025
Asheville Eye Associates says the personal information of 147,000 individuals was stolen in a November 2024 data breach.
The post Asheville Eye Associates Says 147,000 Impacted by Data Breach appeared first on SecurityWeek.
Zoomcar Says Hackers Accessed Data of 8.4 Million Users
16 June 2025
The Indian car sharing marketplace Zoomcar learned that its systems were hacked after a threat actor contacted employees.
The post Zoomcar Says Hackers Accessed Data of 8.4 Million Users appeared first on SecurityWeek.
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
16 June 2025
Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something’s wrong.
This week’s stories aren’t just about what was attacked—but how easily it happened. If we’re only looking for the obvious signs, what are we missing right in front
Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine
16 June 2025
Introduction
The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting pressure from regulators, insurers, and rising threats, many still treat cybersecurity as an afterthought. As a result, providers may struggle to move beyond tactical services like one-off assessments or compliance checklists, and demonstrate
240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco
16 June 2025
The KillSec ransomware group has stolen hundreds of gigabytes of data from Ireland-based eyecare technology company Ocuco.
The post 240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco appeared first on SecurityWeek.
Anubis Ransomware Packs a Wiper to Permanently Delete Files
16 June 2025
The emerging Anubis ransomware becomes a major threat, permanently deleting user files and making recovery impossible.
The post Anubis Ransomware Packs a Wiper to Permanently Delete Files appeared first on SecurityWeek.
Red Teaming AI: The Build Vs Buy Debate
16 June 2025
A strong AI deployment starts with asking the right questions, mapping your risks, and thinking like an adversary — before it’s too late.
The post Red Teaming AI: The Build Vs Buy Debate appeared first on SecurityWeek.
Fog Ransomware Group Uses Unconventional Toolset, New Research Finds
16 June 2025
The Fog ransomware group utilizes an uncommon toolset, including open-source pentesting utilities and an employee monitoring software.
High-Severity Vulnerabilities Patched in Tenable Nessus Agent
16 June 2025
Three high-severity Tenable Agent vulnerabilities could allow users to overwrite and delete files, or execute arbitrary code, with System privileges.
The post High-Severity Vulnerabilities Patched in Tenable Nessus Agent appeared first on SecurityWeek.
Canadian Airline WestJet Hit by Cyberattack
16 June 2025
A cybersecurity incident at WestJet resulted in users experiencing interruptions when accessing the company’s application and website.
The post Canadian Airline WestJet Hit by Cyberattack appeared first on SecurityWeek.
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
16 June 2025
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox,
UK ‘woefully’ ill-protected against Chinese and Russian undersea cable sabotage
15 June 2025
Report finds China and Russia may be coordinating ‘grey zone’ tactics against vulnerable western infrastructureChina and Russia are stepping up sabotage operations targeting undersea cables and the UK is unprepared to meet the mounting threat, according to new analysis.A report by the China Strategic Risks Institute (CSRI) analysed 12 incidents where national authorities had investigated alleged undersea cable sabotage between January 2021 and April 2025. Of the 10 cases in which a suspect vessel was identified, eight were directly linked to China or Russia through flag-state registration or company ownership. Continue reading...
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
13 June 2025
A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan.
"Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix