Latest Cybersecurity News and Articles
16 May 2025
Healthcare sector suffers a rise in ransomware attacks.
15 May 2025
Once a key figure in the Angler exploit kit underworld, Tarasov’s life has unraveled into detention, paranoia, and an unwanted return to the Russia he publicly despised.
The post Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List appeared first on SecurityWeek.
15 May 2025
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).
15 May 2025
Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence (AI) models without an explicit opt-in.
The move comes weeks after the social media behemoth announced its plans to train its AI models
15 May 2025
Is Roblox collecting and disclosing children’s data without their parents’
consent?
15 May 2025
Coinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand.
The post Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data appeared first on SecurityWeek.
15 May 2025
Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers.
"Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly
15 May 2025
American steel giant Nucor on Wednesday disclosed a cybersecurity incident that bears the hallmarks of a ransomware attack.
The post Production at Steelmaker Nucor Disrupted by Cyberattack appeared first on SecurityWeek.
15 May 2025
Enterprise cybersecurity giant Proofpoint is buying Germany-based Microsoft 365 security solutions provider Hornetsecurity.
The post Proofpoint to Acquire Hornetsecurity in Reported $1 Billion Deal appeared first on SecurityWeek.
15 May 2025
430K patients’ data was exposed in a breach against Ascension, and security leaders are discussing cyber threats against the healthcare industry.
15 May 2025
Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gaining access to customer data weeks before being finally detected.
This situation isn't theoretical: it
15 May 2025
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
The post Chinese Hackers Hit Drone Sector in Supply Chain Attacks appeared first on SecurityWeek.
15 May 2025
Two ransomware groups and several Chinese APTs have been exploiting two recent SAP NetWeaver vulnerabilities.
The post Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws appeared first on SecurityWeek.
15 May 2025
Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive
15 May 2025
A Russia-linked threat actor has been attributed to a cyber espionage operation targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities, including a then-zero-day in MDaemon, according to new findings from ESET.
The activity, which commenced in 2023, has been codenamed Operation RoundPress by the Slovak cybersecurity company. It has
15 May 2025
Cybersecurity researchers have discovered a malicious package named "os-info-checker-es6" that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems.
"This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final
15 May 2025
Nova Scotia Power says a wide range of personal and financial information was stolen in the recent cyberattack.
The post Canadian Electric Utility Lists Customer Information Stolen by Hackers appeared first on SecurityWeek.
15 May 2025
The Australian Human Rights Commission says data submitted through the complaint form on its website was inadvertently exposed.
The post Australian Human Rights Commission Discloses Data Breach appeared first on SecurityWeek.
15 May 2025
Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists.
The post Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ appeared first on SecurityWeek.
15 May 2025
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild.
The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader.
"Insufficient policy enforcement in Loader in Google