Latest Cybersecurity News and Articles
07 February 2025
Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.
07 February 2025
ThreatMate has raised $3.2 million in seed funding for its AI-powered attack surface management solution for MSPs.
The post ThreatMate Raises $3.2 Million for Attack Surface Management Platform appeared first on SecurityWeek.
07 February 2025
A review of breach histories of the top 150 insurance companies worldwide reveals 59% included third-party attack vectors.
07 February 2025
A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.
The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and
07 February 2025
The emergence of DeepSeek has led to malicious actors attempting to exploit its prominence.
07 February 2025
Noteworthy stories that might have slipped under the radar: NanoLock Security ceases operations, NSO publishes transparency report, cybersecurity salaries data.
The post In Other News: Cybersecurity Salaries, NanoLock Collapse, NSO Transparency Report appeared first on SecurityWeek.
07 February 2025
Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack.
The post Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System appeared first on SecurityWeek.
07 February 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.
"This could
07 February 2025
UK engineering firm IMI says it suffered a cyberattack that resulted in unauthorized access to some of its systems.
The post UK Engineering Giant IMI Hit by Cyberattack appeared first on SecurityWeek.
07 February 2025
University Diagnostic Medical Imaging and Allegheny Health Network have disclosed data breaches impacting approximately 430,000 patients.
The post 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations appeared first on SecurityWeek.
07 February 2025
An analysis by Chainalysis shows that ransomware payments dropped to $813 million in 2024, from $1.25 billion in 2023.
The post Ransomware Payments Dropped to $813 Million in 2024 appeared first on SecurityWeek.
07 February 2025
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.
This article explores how these changes are impacting business, and how cybersecurity leaders can respond.
Impersonation attacks:
07 February 2025
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway.
The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET
07 February 2025
India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud.
"This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a
07 February 2025
Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.
The post Trimble Cityworks Customers Warned of Zero-Day Exploitation appeared first on SecurityWeek.
07 February 2025
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack.
The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a
06 February 2025
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy risks.
06 February 2025
A bipartisan duo in the the U.S. House is proposing legislation to ban the Chinese artificial intelligence app DeepSeek from federal devices.
The post House Lawmakers Push to Ban AI App DeepSeek From US Government Devices appeared first on SecurityWeek.
06 February 2025
Zimperium warns that threat actors have stolen the information of tens of thousands of Android users in India using over 1,000 malicious applications.
The post 1,000 Apps Used in Malicious Campaign Targeting Android Users in India appeared first on SecurityWeek.
06 February 2025
Video-based abuse is being leveraged in a new Bitcoin scam.