Latest Cybersecurity News and Articles
18 February 2025
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024.
The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41
18 February 2025
Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
"This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP
18 February 2025
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar.
MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to
17 February 2025
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild.
"Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X.
"These enhanced features add to
17 February 2025
A recent Torii report analyzed how businesses are managing a rise in "shadow IT" and artificial intelligence (AI) driven tools.
17 February 2025
A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.
The post New FinalDraft Malware Spotted in Espionage Campaign appeared first on SecurityWeek.
17 February 2025
Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign.
The post Russian State Hackers Target Organizations With Device Code Phishing appeared first on SecurityWeek.
17 February 2025
After governments announced sanctions against the Zservers/XHost bulletproof hosting service, Dutch police took 127 servers offline.
The post 127 Servers of Bulletproof Hosting Service Zservers Seized by Dutch Police appeared first on SecurityWeek.
17 February 2025
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations.
Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains
17 February 2025
DeepSeek has temporarily paused downloads of its chatbot apps in South Korea while it works with local authorities to address privacy concerns.
The post Downloads of DeepSeek’s AI Apps Paused in South Korea Over Privacy Concerns appeared first on SecurityWeek.
17 February 2025
Cyber threats evolve—has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity.
This concise report makes a clear business case for why CTEM’s comprehensive approach is the best overall strategy for shoring up a business’s cyber defenses in the face of evolving attacks. It also
17 February 2025
Xerox released security updates to resolve pass-back attack vulnerabilities in Versalink multifunction printers.
The post Xerox Versalink Printer Vulnerabilities Enable Lateral Movement appeared first on SecurityWeek.
17 February 2025
Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights.
⚡ Threat of the Week
Russian Threat Actors Leverage Device Code Phishing to Hack
17 February 2025
Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications.
Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin.
"The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis
17 February 2025
Explore industry moves and significant changes in the industry for the week of February 17, 2025. Stay updated with the latest industry trends and shifts.
15 February 2025
Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress.
Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority.
Users who attempt
14 February 2025
In a signal move for the cybersecurity sector, identity and access management (IAM) vendor SailPoint has made its return to public markets.
The post SailPoint IPO Signals Bright Spot for Cybersecurity appeared first on SecurityWeek.
14 February 2025
Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account.
"If executed at scale, this attack could be used to gain access to thousands of accounts," Datadog Security Labs researcher Seth Art said in a report
14 February 2025
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named "
14 February 2025
The chief deputy attorney general of the agency sent an email on Wednesday that said nearly all of is computer systems were offline.
The post Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems appeared first on SecurityWeek.