Latest Cybersecurity News and Articles
09 June 2025
President Trump says his new cybersecurity executive order amends problematic elements of Biden- and Obama-era executive orders.
The post Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies appeared first on SecurityWeek.
09 June 2025
OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things.
"The [Russian-speaking] actor used our models to assist with developing and refining
08 June 2025
Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware.
The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1
08 June 2025
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data.
"Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
06 June 2025
Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems.
The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum.
"macOS users are served a
06 June 2025
An observed voice phishing campaign is impersonating IT support workers.
06 June 2025
Noteworthy stories that might have slipped under the radar: FBI issues an alert on BadBox 2 botnet, NSO disputing the $168 million WhatsApp fine, 1,000 people left CISA since Trump took office.
The post In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA appeared first on SecurityWeek.
06 June 2025
When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in
06 June 2025
India's Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens.
The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of
06 June 2025
The number of cybersecurity-related merger and acquisition (M&A) announcements surged in May 2025.
The post Cybersecurity M&A Roundup: 42 Deals Announced in May 2025 appeared first on SecurityWeek.
06 June 2025
Data security firm MIND has raised $30 million in Series A funding to expand its R&D and go-to-market teams.
The post MIND Raises $30 Million for Data Loss Prevention appeared first on SecurityWeek.
06 June 2025
Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset.
This is where AEV comes in.
AEV (Adversarial Exposure Validation) is an advanced
06 June 2025
A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine.
The post Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure appeared first on SecurityWeek.
06 June 2025
Cisco has released patches for a critical vulnerability impacting cloud deployments of Identity Services Engine (ISE).
The post Cisco Patches Critical ISE Vulnerability With Public PoC appeared first on SecurityWeek.
06 June 2025
An HPE StoreOnce vulnerability allows attackers to bypass authentication, potentially leading to remote code execution.
The post HPE Patches Critical Vulnerability in StoreOnce appeared first on SecurityWeek.
06 June 2025
A reward is being offered for Maxim Alexandrovich Rudometov, who is accused of developing and managing the RedLine malware.
The post US Offering $10 Million Reward for RedLine Malware Developer appeared first on SecurityWeek.
06 June 2025
A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos.
"The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across
06 June 2025
As cloud infrastructure increases in complexity, security teams are having difficulty keeping pace.
05 June 2025
Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America's largest Internet service providers (ISPs).
05 June 2025
Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.
The post Misconfigured HMIs Expose US Water Systems to Anyone with a Browser appeared first on SecurityWeek.