Latest Cybersecurity News and Articles
10 February 2025
Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites.
Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent
10 February 2025
According to a Nuspire report, ransomware extortion publications rose by 46% compared to Q3, with Clop ransomware emerging as the most active group.
10 February 2025
French organizers said “the summit aims at promoting an ambitious French and European AI strategy” as advances in the sector have been led by the U.S. and China.
The post Trump’s AI Ambition and China’s DeepSeek Overshadow an AI Summit in Paris appeared first on SecurityWeek.
10 February 2025
A recent cybersecurity report by Clever found that 5% of U.S. school systems have implemented multi-factor authentication (MFA) for students.
10 February 2025
A critical vulnerability found in Orthanc servers can pose a serious risk to medical data and healthcare operations.
The post Orthanc Server Vulnerability Poses Risk to Medical Data, Healthcare Operations appeared first on SecurityWeek.
10 February 2025
Microsoft has added more Copilot consumer products to its bug bounty program and is offering higher rewards for medium-severity vulnerabilities.
The post Microsoft Expands Copilot Bug Bounty Program, Increases Payouts appeared first on SecurityWeek.
10 February 2025
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack.
This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question
10 February 2025
HPE is notifying an unknown number of individuals that Russian hackers accessed their personal information in a December 2023 attack.
The post HPE Says Personal Information Stolen in 2023 Russian Hack appeared first on SecurityWeek.
10 February 2025
Evan Light was sentenced to 20 years in federal prison for hacking an investment holdings company and stealing $37 million in cryptocurrency.
The post Indiana Man Sentenced to 20 Years in Prison for Hacking, $37 Million Crypto Theft appeared first on SecurityWeek.
10 February 2025
Memorial Hospital and Manor says 120,000 people had their personal information stolen in a November 2024 ransomware attack.
The post Information of 120,000 Stolen in Ransomware Attack on Georgia Hospital appeared first on SecurityWeek.
10 February 2025
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture.
With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for
10 February 2025
News analysis: The big AI platforms are emerging as frontline early warning systems, detecting nation-state hackers at the outset of their campaigns. Can this help save the threat intel industry?
The post Can AI Early Warning Systems Reboot the Threat Intel Industry? appeared first on SecurityWeek.
10 February 2025
SolarWinds will become a privately held company following its acquisition by Turn/River Capital for $4.4 billion in cash.
The post SolarWinds Taken Private in $4.4 Billion Turn/River Capital Acquisition appeared first on SecurityWeek.
10 February 2025
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware.
"It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and
10 February 2025
Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.
The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting
10 February 2025
DOGE has been feeding sensitive federal information into AI. Security leaders discuss.
10 February 2025
Explore industry moves and significant changes in the industry for the week of February 10, 2025. Stay updated with the latest industry trends and shifts.
10 February 2025
A bipartisan congressional bill has been proposed, which would prohibit the use of DeepSeek on government devices.
10 February 2025
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems.
The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime
08 February 2025
Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection.
"The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "