Latest Cybersecurity News and Articles
03 February 2025
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead
03 February 2025
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf
03 February 2025
Vietnamese cybercrime gang shifts from credit card-skimming to exploiting at least two zero-day vulnerabilities enterprise software product.
The post XE Group Cybercrime Gang Moves from Credit Card Skimming to Zero-Day Exploits appeared first on SecurityWeek.
03 February 2025
2025 is an important year – it is probably our last chance to start our migration to post quantum cryptography before we are all undone by cryptographically relevant quantum computers.
The post Cyber Insights 2025: Quantum and the Threat to Encryption appeared first on SecurityWeek.
03 February 2025
According to a recent Sentry report, a majority (67%) of security leaders admit they're feeling more stressed compared to last year.
03 February 2025
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before
03 February 2025
Hundreds of thousands have been impacted by data breaches at Asheville Eye Associates and Delta County Memorial Hospital District.
The post Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina appeared first on SecurityWeek.
03 February 2025
The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security.
"Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said.
In doing so, the idea is to
03 February 2025
A threat actor has infected Casio UK’s website with a web skimmer on all pages, except the typical checkout page.
The post Casio Website Infected With Skimmer appeared first on SecurityWeek.
03 February 2025
Researchers found a jailbreak method that exposed DeepSeek’s system prompt, while others have analyzed the DDoS attacks aimed at the new gen-AI.
The post DeepSeek Security: System Prompt Jailbreak, Details Emerge on Cyberattacks appeared first on SecurityWeek.
03 February 2025
This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference.
Let’s take a
03 February 2025
Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote.
"Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week.
The
03 February 2025
Insurance firm Globe Life says a threat actor may have compromised the personal information of roughly 850,000 individuals.
The post Insurance Company Globe Life Notifying 850,000 People of Data Breach appeared first on SecurityWeek.
03 February 2025
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what’s exposed and where attackers are most likely to strike.
With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important.
In this
03 February 2025
Researchers have observed an increase in malicious domains and campaigns impersonating tax agencies and financial institutions.
03 February 2025
Community Health Center, Inc. says hackers stole the personal and health information of over one million individuals.
The post 1 Million Impacted by Data Breach at Connecticut Healthcare Provider appeared first on SecurityWeek.
03 February 2025
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer.
"Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a
03 February 2025
The Chief Secure Networking Officer (CSNO) is a transformative role designed to ensure seamless performance and security for next-generation technologies.
02 February 2025
Explore industry moves and significant changes in the industry for the week of February 3, 2025. Stay updated with the latest industry trends and shifts.
01 February 2025
“Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps,” Abbott said.
The post Texas Governor Orders Ban on DeepSeek, RedNote for Government Devices appeared first on SecurityWeek.