Latest Cybersecurity News and Articles
04 February 2025
Nearly two dozen new macOS malware families were observed in 2024, including stealers, backdoors, downloaders and ransomware.
The post 22 New Mac Malware Families Seen in 2024 appeared first on SecurityWeek.
04 February 2025
Law enforcement agencies have dismantled 39 cybercrime domains and associated servers.
04 February 2025
A new survey reveals insights into the biggest threats on cyber experts’ radars.
04 February 2025
Ninety percent of professionals report conformance with Digital Operational Resilience Act and the Network and Information Security Directive 2.
04 February 2025
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems.
The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to
04 February 2025
AMD has released patches for a microprocessor vulnerability that could allow an attacker to load malicious microcode.
The post AMD Patches CPU Vulnerability Found by Google appeared first on SecurityWeek.
04 February 2025
Food delivery firm GrubHub has disclosed a data breach impacting the personal information of drivers and customers.
The post Personal Information Compromised in GrubHub Data Breach appeared first on SecurityWeek.
04 February 2025
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware.
The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09.
"The vulnerability was
04 February 2025
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process.
"Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or
04 February 2025
There has never been a single job description for the CISO – the role depends upon each company, its maturity, its size and resources, and the risk tolerance of boards.
The post Cyber Insights 2025: The CISO Outlook appeared first on SecurityWeek.
04 February 2025
Python developers looking to integrate DeepSeek into their projects were targeted with malicious packages delivered through PyPI.
The post Developers Targeted With Malware Disguised as DeepSeek Package appeared first on SecurityWeek.
04 February 2025
The Contec CMS8000 patient monitors do not contain a malicious backdoor but are plagued by an insecure and vulnerable design.
The post Contec Patient Monitors Not Malicious, but Still Pose Big Risk to Healthcare appeared first on SecurityWeek.
04 February 2025
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud.
But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let’s take a
04 February 2025
The February 2025 Android patches resolve 46 vulnerabilities, including a Linux kernel bug that has been exploited in the wild.
The post Vulnerability Patched in Android Possibly Exploited by Forensic Tools appeared first on SecurityWeek.
04 February 2025
New guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default.
04 February 2025
The New York Blood Center experienced a ransomware attack.
04 February 2025
DeepSeek’s susceptibility to jailbreaks has been compared by Cisco to other popular AI models, including from Meta, OpenAI and Google.
The post DeepSeek Compared to ChatGPT, Gemini in AI Jailbreak Test appeared first on SecurityWeek.
04 February 2025
Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence (AI) platform, citing security risks.
"Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan's Ministry of Digital Affairs, per Radio Free Asia.
"DeepSeek
04 February 2025
A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.
The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.
"Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local
04 February 2025
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below -
CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service