Latest Cybersecurity News and Articles
28 May 2025
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware.
Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand Bitcoin ransom payments.
28 May 2025
Data broker giant LexisNexis Risk Solutions says personal information was stolen from 364,000 people in a December 2024 data breach.
The post 364,000 Impacted by Data Breach at LexisNexis Risk Solutions appeared first on SecurityWeek.
28 May 2025
The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs.
In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs. The extent of the breach is presently not
28 May 2025
More than 40% of breaches in fintech organizations can be linked to third-party vendors.
28 May 2025
The Czech government issues a blunt warning to China after APT31 hackers linked to intrusion at critical infrastructure network.
The post Czech Government Condemns Chinese Hack on Critical Infrastructure appeared first on SecurityWeek.
28 May 2025
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool.
"This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,
28 May 2025
Identity security automation platform Cerby has raised $40 million in Series B funding to scale operations.
The post Cerby Raises $40 Million for Identity Automation Platform appeared first on SecurityWeek.
28 May 2025
Mandiant warns that a Vietnamese hacking group tracked as UNC6032 is distributing malware via fake AI video generator websites.
The post Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites appeared first on SecurityWeek.
28 May 2025
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot.
Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.
"Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server
28 May 2025
Security researchers warn that OneDrive’s file sharing tool may grant third-party web apps access to all your files—not just the one you choose to upload.
The post OneDrive Gives Web Apps Full Read Access to All Files appeared first on SecurityWeek.
28 May 2025
Google and Mozilla released patches for Chrome and FireFox to address a total of 21 vulnerabilities between the two browsers, including three rated high severity.
The post Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
28 May 2025
Stealer malware no longer just steals passwords. In 2025, it steals live sessions—and attackers are moving faster and more efficiently than ever.
While many associate account takeovers with personal services, the real threat is unfolding in the enterprise. Flare’s latest research, The Account and Session Takeover Economy, analyzed over 20 million stealer logs and tracked attacker activity across
28 May 2025
A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware.
The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in
28 May 2025
New report says organizations should always consider environmental context when assessing the impact of vulnerabilities in CISA KEV catalog.
The post Vulnerabilities in CISA KEV Are Not Equally Critical: Report appeared first on SecurityWeek.
28 May 2025
Physicist Neil Johnson explores how fundamental laws of nature could explain why AI sometimes fails—and what to do about it.
The post The Root of AI Hallucinations: Physics Theory Digs Into the ‘Attention’ Flaw appeared first on SecurityWeek.
28 May 2025
Would you expect an end user to log on to a cybercriminal’s computer, open their browser, and type in their usernames and passwords? Hopefully not! But that’s essentially what happens if they fall victim to a Browser-in-the-Middle (BitM) attack.
Like Man-in-the-Middle (MitM) attacks, BiTM sees criminals look to control the data flow between the victim’s computer and the target service, as
28 May 2025
Hackers exploited a vulnerability in Cetus Protocol, a liquidity provider on the SUI blockchain.
The post $223 Million Stolen in Cetus Protocol Hack appeared first on SecurityWeek.
28 May 2025
Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct "exposure points" earlier this month.
The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon.
"These IPs triggered 75 distinct behaviors, including CVE exploits,
28 May 2025
Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone.
The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive apps designed to steal personal information to fraudulent payment schemes that attempt to exploit
27 May 2025
Zscaler signals a big push into the security-operations market with the announcement of plans to buy Denver-based Red Canary.
The post Zscaler to Acquire MDR Specialist Red Canary appeared first on SecurityWeek.