Latest Cybersecurity News and Articles
14 August 2025
The new DDoS attack vector, which involves HTTP/2 implementation flaws, has been compared to Rapid Reset.
The post ‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks appeared first on SecurityWeek.
14 August 2025
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil.
"PhantomCard relays NFC data from a victim's banking card to the fraudster's device," ThreatFabric said in a report. "PhantomCard is based on
14 August 2025
Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing ™ can eliminate entire categories of risk. From disabling Office macros to blocking outbound server
14 August 2025
Researchers at enterprise browser security firm SquareX showed how an attacker can impersonate a user and bypass passkey security.
The post Passkey Login Bypassed via WebAuthn Process Manipulation appeared first on SecurityWeek.
14 August 2025
Google said it's implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 jurisdictions in order to "ensure a safe and compliant ecosystem for users."
The policy applies to markets like Bahrain, Canada, Hong Kong, Indonesia, Israel, Japan, the Philippines, South Africa, South Korea, Switzerland, Thailand,
14 August 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure
13 August 2025
During the April incident, hackers gained access to a digital system which remotely controls one of the dam’s valves and opened it to increase the water flow.
The post Norwegian Police Say Pro-Russian Hackers Were Likely Behind Suspected Sabotage at a Dam appeared first on SecurityWeek.
13 August 2025
Cybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot.
"PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system
13 August 2025
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.
The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.
"Untrusted search path in
13 August 2025
Intel, AMD and Nvidia have published security advisories describing vulnerabilities found recently in their products.
The post Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia appeared first on SecurityWeek.
13 August 2025
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild.
The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0.
"An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to
13 August 2025
Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure to keep up, yet often struggling to stay ahead of emerging
13 August 2025
The RansomHub ransomware group stole sensitive information from staffing and recruiting firm Manpower in January.
The post Manpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000 appeared first on SecurityWeek.
13 August 2025
The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work.
But here’s the uncomfortable truth: Attackers are evolving just as fast.
Every leap forward in AI gives bad actors new tools — deepfake scams so real they trick your CFO, bots that can bypass human review,
13 August 2025
Fortinet and Ivanti have published new security advisories for their August 2025 Patch Tuesday updates.
The post Fortinet, Ivanti Release August 2025 Security Patches appeared first on SecurityWeek.
13 August 2025
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release.
Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low in severity. Forty-four of the vulnerabilities relate to privilege
13 August 2025
August 2025 ICS Patch Tuesday advisories have been published by Siemens, Schneider, Aveva, Honeywell, ABB and Phoenix Contact.
The post ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities appeared first on SecurityWeek.
13 August 2025
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East's public sector and aviation industry.
The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT) groups, such as DLL side-loading, process injection, and the ability
13 August 2025
CISA has issued an emergency directive in response to a vulnerability affecting hybrid Microsoft Exchange users.
13 August 2025
Adobe’s security updates fix vulnerabilities in Commerce, Substance, InDesign, FrameMaker, Dimension and other products.
The post Adobe Patches Over 60 Vulnerabilities Across 13 Products appeared first on SecurityWeek.