Latest Cybersecurity News and Articles


Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys

22 October 2025
Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims' cryptocurrency wallet keys. The package, Netherеum.All, has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and

What Makes a Great Field CXO: Lessons from the Front Lines

22 October 2025
If you are recruiting for a Field CISO, Field CTO, etc., or are looking to leverage a resource at your company in one of these roles, what are some things you should be aware of? The post What Makes a Great Field CXO: Lessons from the Front Lines appeared first on SecurityWeek.

Fencing and Pet Company Jewett-Cameron Hit by Ransomware

22 October 2025
Jewett-Cameron Company says hackers stole sensitive information and are threatening to release it unless a ransom is paid. The post Fencing and Pet Company Jewett-Cameron Hit by Ransomware appeared first on SecurityWeek.

Oracle Releases October 2025 Patches

22 October 2025
The Critical Patch Update contains 374 new security patches that resolve many vulnerabilities. The post Oracle Releases October 2025 Patches appeared first on SecurityWeek.

Why You Should Swap Passwords for Passphrases

22 October 2025
The advice didn't change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on password length, rather than complexity. Length is the more important security factor, and passphrases are the simplest way to get your users to create

Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware

22 October 2025
Government, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian cybersecurity vendor in November 2024, when it disclosed a set of attacks aimed at government entities in Latin America and East Asia in June, using

Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025

22 October 2025
Participants exploited 34 previously unknown vulnerabilities to hack printers, NAS devices, and smart home products. The post Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 appeared first on SecurityWeek.

TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution

22 October 2025
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in late August 2025. It impacts several

Security Leaders Discuss Cyberattack on American Airlines Subsidiary

22 October 2025
Envoy Air, a subsidiary of American Airlines, experienced a cyberattack.

TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution

22 October 2025
TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The vulnerabilities in question are listed below: CVE-2025-6541 (CVSS score: 8.6), an operating system command injection vulnerability that could be exploited by an attacker who can log in to the web management

Gravwell Closes $15.4M Funding Round to Expand Data Analytics and Security Platform

21 October 2025
The Series A round was led by Two Bear Capital and included participation from Gula Tech Adventures, Next Frontier Capital, and others. The post Gravwell Closes $15.4M Funding Round to Expand Data Analytics and Security Platform appeared first on SecurityWeek.

SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility

21 October 2025
NetRise appointed the former CISA Senior Advisor and Strategist as a Strategic Advisor. The post SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility appeared first on SecurityWeek.

Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams

21 October 2025
Meta on Tuesday said it's launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it's introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from giving away sensitive information like bank details or verification codes. On Messenger, users can opt to

Defakto Raises $30 Million for Non-Human IAM Platform

21 October 2025
Defakto’s Series B funding, which brings the total raised to $50 million, was led by XYZ Venture Capital. The post Defakto Raises $30 Million for Non-Human IAM Platform appeared first on SecurityWeek.

Government, Industrial Servers Targeted in China-Linked ‘PassiveNeuron’ Campaign

21 October 2025
A threat actor has been infecting servers of high-profile entities with backdoors to exfiltrate information and deploy additional payloads. The post Government, Industrial Servers Targeted in China-Linked ‘PassiveNeuron’ Campaign appeared first on SecurityWeek.

PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign

21 October 2025
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented in February 2025 by Sekoia, which attributed it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose. The TLS-based ELF implant, at its core, is designed to monitor

Veeam to Acquire Data Security Firm Securiti AI for $1.7 Billion

21 October 2025
The acquisition will unify data resilience with DSPM, privacy, governance, and AI trust across production and secondary data. The post Veeam to Acquire Data Security Firm Securiti AI for $1.7 Billion appeared first on SecurityWeek.

The Future of SOCs in Enterprise Cybersecurity

21 October 2025
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Oct. 21, 2025. Read the full story from Cloud Security Alliance. Cybercrime is projected to cost the global economy $10.5 trillion in 2025, according to Cybersecurity Ventures, making it the third-largest The post The Future of SOCs in Enterprise Cybersecurity appeared first on Cybercrime Magazine.

CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities

21 October 2025
Leading to code execution, authentication bypass, and privilege escalation, the flaws were added to CISA’s KEV list. The post CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities appeared first on SecurityWeek.

Dataminr to Acquire ThreatConnect for $290 Million

21 October 2025
The goal is to combine Dataminr’s data signals platform with ThreatConnect’s deep internal data capabilities. The post Dataminr to Acquire ThreatConnect for $290 Million appeared first on SecurityWeek.