Latest Cybersecurity News and Articles
09 May 2025
An executive agency of the UK’s Ministry of Justice experienced a cyberattack.
09 May 2025
Noteworthy stories that might have slipped under the radar: surge in cyberattacks between India and Pakistan, Radware cloud WAF vulnerabilities, xAI key leak.
The post In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak appeared first on SecurityWeek.
09 May 2025
Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.
The post Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack appeared first on SecurityWeek.
09 May 2025
VMS firm Valsoft Corporation says the personal information of over 160,000 people was compromised in a February 2025 data breach.
The post 160,000 Impacted by Valsoft Data Breach appeared first on SecurityWeek.
09 May 2025
Three NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor.
The post Malicious NPM Packages Target Cursor AI’s macOS Users appeared first on SecurityWeek.
09 May 2025
Sightline Security’s founder explains why nonprofits need cybersecurity solutions tailored to their unique missions — and why vendors need to listen.
The post Rising Tides: Kelley Misata on Bringing Cybersecurity to Nonprofits appeared first on SecurityWeek.
09 May 2025
Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025.
"The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox," Cisco Talos
09 May 2025
AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse.
If your company is exploring or already using AI agents, you need to ask: Are they secure?
AI agents work with sensitive data and make real-time decisions. If they’re not
09 May 2025
Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor.
"Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's
09 May 2025
Hundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed.
The post SAP Zero-Day Targeted Since January, Many Sectors Impacted appeared first on SecurityWeek.
09 May 2025
VC firm Insight Partners is informing partners and employees that their information was exposed in the January 2025 cyberattack.
The post Company and Personal Data Compromised in Recent Insight Partners Hack appeared first on SecurityWeek.
09 May 2025
The Vulnerability Treadmill
The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct
09 May 2025
Private messages, Bitcoin addresses, victim data, and attacker information were leaked after someone hacked a LockBit admin panel.
The post Valuable Information Leaked in LockBit Ransomware Hack appeared first on SecurityWeek.
09 May 2025
Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android.
The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops.
"The on-device approach provides instant insight on risky websites and allows us to offer
09 May 2025
How are small and medium-sized businesses (SMBs) operating in today’s shifting threat landscape?
09 May 2025
A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver.
Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025.
CVE-2025-31324 refers to a critical SAP NetWeaver flaw
08 May 2025
More information on the cyberattacks against Marks & Spencer (M&S) and Co-op has emerged, revealing that hackers deceived IT workers into resetting passwords.
08 May 2025
Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years.
The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin.
"FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io
08 May 2025
British startup exits stealth with $20 million in seed-stage financing led by US investors Scout Ventures and Artis Ventures.
The post Valarian Bags $20M Seed Capital for ‘Isolation-First’ Infrastructure Tech appeared first on SecurityWeek.
08 May 2025
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution.
The vulnerabilities are listed below -
CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an