Latest Cybersecurity News and Articles
01 February 2025
U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers as part of efforts to disrupt a network of online marketplaces originating from Pakistan.
The action, which took place on January 29, 2025, has been codenamed Operation Heart Blocker.
The vast array of sites in question peddled phishing toolkits and fraud-enabling tools and
01 February 2025
BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key.
The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged
01 February 2025
Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members.
The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.
In a statement to The Guardian, the encrypted messaging app said it has reached
31 January 2025
Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.
"These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft's advertising platform," Jérôme Segura, senior
31 January 2025
The FBI and authorities in The Netherlands this week seized a number of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname "The Manipulaters," have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.
31 January 2025
Noteworthy stories that might have slipped under the radar: stealing browser data via Syncjacking, hackers falsely claim AWS breach, Google prevented 2 million bad apps from reaching Google Play.
The post In Other News: Browser Syncjacking, Fake AWS Hack, Google Blocked 2M Bad Apps appeared first on SecurityWeek.
31 January 2025
Italy’s data protection authority expressed dissatisfaction with DeepSeek’s response to its query about what personal data is collected, where it is stored and how users are notified.
The post Italy Blocks Access to the Chinese AI Application DeepSeek to Protect Users’ Data appeared first on SecurityWeek.
31 January 2025
US and Dutch authorities seized 39 domains to disrupt a network of hacking and fraud marketplaces operated by Saim Raza.
The post US, Dutch Authorities Disrupt Pakistani Hacking Shop Network appeared first on SecurityWeek.
31 January 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors.
The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA
31 January 2025
APIs have become a prominent attack surface over the past year.
31 January 2025
APIs have become a prominent attack surface over the past year.
31 January 2025
Two individuals have been arrested and one alleged admin has been charged in the takedown of the Nulled and Cracked cybercrime forums.
The post 2 Arrested in Takedown of Nulled, Cracked Hacking Forums appeared first on SecurityWeek.
31 January 2025
New York Blood Center Enterprises and its operating divisions have taken systems offline to contain a ransomware attack.
The post New York Blood Bank Hit by Ransomware appeared first on SecurityWeek.
31 January 2025
Subaru’s STARLINK connected vehicle service contains a vulnerability that permits access to user accounts and vehicles.
31 January 2025
CISA and FDA say Contec patient monitors used in the US contain a backdoor function that could allow remote attackers to tamper with the device.
The post CISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors appeared first on SecurityWeek.
31 January 2025
Different research teams have demonstrated jailbreaks against ChatGPT, DeepSeek, and Alibaba’s Qwen AI models.
The post ChatGPT, DeepSeek Vulnerable to AI Jailbreaks appeared first on SecurityWeek.
31 January 2025
Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.
31 January 2025
Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data.
The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data.
In particular, it wanted
31 January 2025
Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps.
The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with
31 January 2025
NorthBay Health says hackers stole the personal information of 569,000 individuals in a 2024 ransomware attack.
The post NorthBay Health Data Breach Impacts 569,000 Individuals appeared first on SecurityWeek.