Latest Cybersecurity News and Articles
28 January 2025
Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar.
"ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia
28 January 2025
Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks.
The post Apple Patches First Exploited iOS Zero-Day of 2025 appeared first on SecurityWeek.
28 January 2025
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them
28 January 2025
The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia.
The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said.
Per the council decision, all the
28 January 2025
DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks.
"Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log in
28 January 2025
This Data Privacy Day, cybersecurity experts share insights on data protection best practices.
27 January 2025
Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges.
"Apple is
27 January 2025
President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation's cybersecurity posture. The president fired all advisors from the Department of Homeland Security's Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided a Biden administration action that sought to reduce the risks that artificial intelligence poses to consumers, workers and national security.
27 January 2025
UK telecoms firm TalkTalk has confirmed falling victim to a data breach after a threat actor boasted about hacking it.
The post TalkTalk Confirms Data Breach, Downplays Impact appeared first on SecurityWeek.
27 January 2025
Vulnerabilities in LTE/5G core infrastructure, some remotely exploitable, could lead to persistent denial-of-service to entire cities.
The post LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity appeared first on SecurityWeek.
27 January 2025
Security leaders discuss a new mobile phishing campaign that impersonates the USPS.
27 January 2025
Cybersecurity regulations are facing a tipping point. There are too many and they are too complex to manage – and it’s getting worse.
The post Cyber Insights 2025: Cybersecurity Regulatory Mayhem appeared first on SecurityWeek.
27 January 2025
Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool.
The post Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST appeared first on SecurityWeek.
27 January 2025
Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials.
"Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws
27 January 2025
Industrial automation protocols continue to be the most targeted in OT attacks, but building automation systems have been increasingly targeted.
The post Building Automation Protocols Increasingly Targeted in OT Attacks: Report appeared first on SecurityWeek.
27 January 2025
The Department of Homeland Security has dismissed its advisory committees, including the Cyber Safety Review Board (CSRB).
27 January 2025
According to a recent report, between 2023 and 2024, the median monthly rate of advanced email attacks in the APAC region surged by 26.9%.
27 January 2025
Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials.
The post Git Vulnerabilities Led to Credentials Exposure appeared first on SecurityWeek.
27 January 2025
Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention.
As we unpack these complex topics, we'll equip you with sharp insights to
27 January 2025
The impact of the Change Healthcare ransomware-caused data breach has increased from 100 million to 190 million individuals.
The post Change Healthcare Data Breach Impact Grows to 190 Million Individuals appeared first on SecurityWeek.