Latest Cybersecurity News and Articles
14 October 2025
Balancing innovation with ethical governance is crucial for ensuring fairness, accountability, and public trust in the age of intelligent machines.
The post Beyond the Black Box: Building Trust and Governance in the Age of AI appeared first on SecurityWeek.
14 October 2025
Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone.
Make no mistake, as a security professional, I love this month. Launched by CISA and the National
14 October 2025
Google has released a partial patch for the Pixnapping attack and is working on an additional fix.
The post Pixnapping Attack Steals Data From Google, Samsung Android Phones appeared first on SecurityWeek.
14 October 2025
Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD's incomplete protections that make it possible to perform a single memory
14 October 2025
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and other sensitive data without the users' knowledge pixel-by-pixel.
The attack has been codenamed Pixnapping by a group of academics from the University of California (Berkeley), University of
14 October 2025
Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your
14 October 2025
SecurityWeek talks to Microsoft Deputy CISOs Ann Johnson and Mark Russinovich.
The post CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future? appeared first on SecurityWeek.
14 October 2025
A vulnerability in RMP initialization allows the AMD processor’s x86 cores to maliciously control parts of the initial RMP state.
The post RMPocalypse: New Attack Breaks AMD Confidential Computing appeared first on SecurityWeek.
14 October 2025
Users can continue receiving important security updates for Windows 10 by enrolling in the ESU program.
The post Windows 10 Still on Over 40% of Devices as It Reaches End of Support appeared first on SecurityWeek.
14 October 2025
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.
Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to
14 October 2025
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns.
The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains.
"TA585 is notable because it
13 October 2025
Latest Annual Review reveals that the cyber threats facing the UK continue to escalate.
13 October 2025
The investment plan will focus on areas including artificial intelligence, cybersecurity and quantum computing.
The post JPMorgan to Invest up to $10 Billion in US Companies with Crucial Ties to National Security appeared first on SecurityWeek.
13 October 2025
Emerging from stealth, Born Defense is betting that a new kind of investment model can reshape how the U.S. fights its endless cyber battles.
The post Fighting the Cyber Forever War: Born Defense Blends Investment Strategy with Just War Principles appeared first on SecurityWeek.
13 October 2025
The video game software development company says the incident impacted users of its SpeedTree website.
The post Malicious Code on Unity Website Skims Information From Hundreds of Customers appeared first on SecurityWeek.
13 October 2025
Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done.
This week’s edition looks at how attackers are changing the game — linking different flaws, working together across borders, and even turning trusted tools into weapons.
13 October 2025
Threat actors have rapidly compromised more than 100 SonicWall SSL VPN accounts pertaining to over a dozen entities.
The post SonicWall SSL VPN Accounts in Attacker Crosshairs appeared first on SecurityWeek.
13 October 2025
SimonMed Imaging was targeted by the Medusa ransomware group, which claimed to have stolen 200 Gb of data.
The post SimonMed Imaging Data Breach Impacts 1.2 Million appeared first on SecurityWeek.
13 October 2025
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now.
Get the complete Holiday Season Security Playbook here.
Bottom Line Up Front
The 2024 holiday season saw major
13 October 2025
Threat actors used automation to create over 175 malicious NPM packages targeting more than 135 organizations.
The post NPM Infrastructure Abused in Phishing Campaign Aimed at Industrial and Electronics Firms appeared first on SecurityWeek.