Latest Cybersecurity News and Articles
27 January 2025
The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists.
Non-human identity security represents an emerging
27 January 2025
A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities.
The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.
27 January 2025
Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC.
"MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"
27 January 2025
Explore industry moves and significant changes in the industry for the week of January 27, 2025. Stay updated with the latest industry trends and shifts.
26 January 2025
A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server.
The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a
24 January 2025
Security magazine highlights a few upcoming cybersecurity conferences in 2025.
24 January 2025
A vulnerability in Subaru’s Starlink connected vehicle service exposed US, Canada, and Japan vehicle and customer accounts.
The post Subaru Starlink Vulnerability Exposed Cars to Remote Hacking appeared first on SecurityWeek.
24 January 2025
North Korean fake IT workers are more aggressively extorting their employers in response to law enforcement actions.
The post North Korean Fake IT Workers More Aggressively Extorting Enterprises appeared first on SecurityWeek.
24 January 2025
Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies.
The post In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies appeared first on SecurityWeek.
24 January 2025
A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network.
The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,
24 January 2025
The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to North Korea.
The post US Charges Five People Over North Korean IT Worker Scheme appeared first on SecurityWeek.
24 January 2025
CISA has added the JQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Old jQuery Vulnerability Linked to Chinese APT appeared first on SecurityWeek.
24 January 2025
Four decades of student and educator information was stolen from PowerSchool – tens of millions are potentially affected.
The post Millions Impacted by PowerSchool Data Breach appeared first on SecurityWeek.
24 January 2025
Business resilience must be the ultimate purpose of all the security controls and processes we employ, because we will never conclusively defeat or protect ourselves from social engineering.
The post Cyber Insights 2025: Social Engineering Gets AI Wings appeared first on SecurityWeek.
24 January 2025
Pwn2Own Automotive 2025 has come to an end and participants have earned a total of $886,000 for exploits targeting EV chargers and infotainment systems.
The post Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment Exploits appeared first on SecurityWeek.
24 January 2025
Eclypsium warns that Palo Alto Networks firewalls are impacted by BIOS and bootloader flaws, but the vendor says users should not be concerned.
The post Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls appeared first on SecurityWeek.
24 January 2025
The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this
24 January 2025
The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People's Republic of Korea (DPRK) in violation of international sanctions.
The action targets Jin Sung-Il (진성일), Pak
24 January 2025
A new report discusses the relationship between cybersecurity and insurance as digital infrastructure grows increasingly intertwined into business operations.
24 January 2025
Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations.
"When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the