Latest Cybersecurity News and Articles


Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

06 February 2025
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles

Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023

06 February 2025
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined,

Report: Password stores are targeted by 25% of malware

06 February 2025
A new report reveals an increase in credential-stealing malware.

Astra, Invary Raise Millions for AI-Powered Pentesting, Runtime Security

06 February 2025
Astra Security and Invary have received new funding to fuel development of their vulnerability scanning and runtime security solutions. The post Astra, Invary Raise Millions for AI-Powered Pentesting, Runtime Security appeared first on SecurityWeek.

Hacker Who Targeted NATO, US Army Arrested in Spain

06 February 2025
Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US Army. The post Hacker Who Targeted NATO, US Army Arrested in Spain appeared first on SecurityWeek.

Five Eyes Agencies Release Guidance on Securing Edge Devices

06 February 2025
Five Eyes cybersecurity agencies have released guidance on securing edge devices against increasing threats. The post Five Eyes Agencies Release Guidance on Securing Edge Devices appeared first on SecurityWeek.

Security Teams Pay the Price: The Unfair Reality of Cyber Incidents

06 February 2025
The blame for security incidents may be shared—but the burden of response always falls on the security team. Here’s how to prepare for the inevitable. The post Security Teams Pay the Price: The Unfair Reality of Cyber Incidents appeared first on SecurityWeek.

SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

06 February 2025
A new malware campaign dubbed SparkCat has leveraged a suite of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,

Cisco Patches Critical Vulnerabilities in Enterprise Management Product

06 February 2025
Critical vulnerabilities in Cisco Identity Services Engine could lead to elevation of privileges and system configuration modifications. The post Cisco Patches Critical Vulnerabilities in Enterprise Management Product appeared first on SecurityWeek.

The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025

06 February 2025
Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner

North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

06 February 2025
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails containing a Windows shortcut (LNK) file that's disguised as a Microsoft Office or PDF document.

Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams

06 February 2025
Researchers see dozens of fake DeepSeek websites used for credential phishing, cryptocurrency theft, and scams. The post Fake DeepSeek Sites Used for Credential Phishing, Crypto Theft, Scams appeared first on SecurityWeek.

Top 3 Ransomware Threats Active in 2025

06 February 2025
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get

7AI Raises $36 Million in Seed Funding for Agentic Security Platform

06 February 2025
7AI has launched an agentic security platform, which uses AI agents to handle repetitive tasks, and raised $36 million in seed funding. The post 7AI Raises $36 Million in Seed Funding for Agentic Security Platform appeared first on SecurityWeek.

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

06 February 2025
Cisco has released updates to address two critical security flaws in Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote

Semgrep Raises $100M for AI-Powered Code Security Platform

05 February 2025
San Francisco application security startup raises $100 million in a Series D funding round led by Menlo Ventures. The post Semgrep Raises $100M for AI-Powered Code Security Platform appeared first on SecurityWeek.

Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US

05 February 2025
DeepSeek has computer code that could send some user login information to China Mobile. The post Researchers Link DeepSeek’s Blockbuster Chatbot to Chinese Telecom Banned From Doing Business in US appeared first on SecurityWeek.

How Agentic AI will be Weaponized for Social Engineering Attacks

05 February 2025
With each passing year, social engineering attacks are becoming bigger and bolder thanks to rapid advancements in artificial intelligence. The post How Agentic AI will be Weaponized for Social Engineering Attacks appeared first on SecurityWeek.

Hacker Conversations: David Kennedy – an Atypical Typical Hacker

05 February 2025
David Kennedy is a hacker. There is no doubt about that. He has qualities common among hackers, but also many differences. The post Hacker Conversations: David Kennedy – an Atypical Typical Hacker appeared first on SecurityWeek.

Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign

05 February 2025
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of