Latest Cybersecurity News and Articles
11 August 2025
A researcher has been given the highest reward in Google’s Chrome bug bounty program for a sandbox escape with remote code execution.
The post Chrome Sandbox Escape Earns Researcher $250,000 appeared first on SecurityWeek.
11 August 2025
New physics-based research suggests large language models could predict when their own answers are about to go wrong — a potential game changer for trust, risk, and security in AI-driven systems.
The post Managing the Trust-Risk Equation in AI: Predicting Hallucinations Before They Strike appeared first on SecurityWeek.
11 August 2025
The U.K. data watchdog warns that sharing images of shoplifters online or in store windows may violate their rights under GDPR laws.
11 August 2025
Hackers targeted Connex, one of the largest credit unions in Connecticut, and likely stole files containing personal information.
The post Connex Credit Union Data Breach Impacts 172,000 People appeared first on SecurityWeek.
11 August 2025
This week, cyber attackers are moving quickly, and businesses need to stay alert. They’re finding new weaknesses in popular software and coming up with clever ways to get around security. Even one unpatched flaw could let attackers in, leading to data theft or even taking control of your systems. The clock is ticking—if defenses aren’t updated regularly, it could lead to serious damage. The
11 August 2025
A researcher has demonstrated how a platform used by over 1,000 dealerships in the US could have been used to hack cars.
The post Flaws in Major Automaker’s Dealership Systems Allowed Car Hacking, Personal Data Theft appeared first on SecurityWeek.
11 August 2025
The Evolution of Exposure Management
Most security teams have a good sense of what’s critical in their environment. What’s harder to pin down is what’s business-critical. These are the assets that support the processes the business can’t function without. They’re not always the loudest or most exposed. They’re the ones tied to revenue, operations, and delivery. If one goes down, it’s more than a
11 August 2025
WinRAR has patched CVE-2025-8088, a zero-day exploited by Russia’s RomCom in attacks on financial, defense, manufacturing and logistics companies.
The post Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada appeared first on SecurityWeek.
11 August 2025
Eclypsium researchers have demonstrated a BadCam attack against Lenovo cameras, but others may be impacted as well.
The post BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats appeared first on SecurityWeek.
11 August 2025
The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability.
Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files.
"When extracting a file,
10 August 2025
A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct power distributed denial-of-service (DDoS) attacks.
The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON 33 security conference today.
"As we
10 August 2025
Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server.
The vulnerability, tracked as CVE-2025-49760 (CVSS score: 3.5), has been described by the tech giant as a Windows Storage spoofing bug
09 August 2025
Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices.
"This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News.
The
09 August 2025
Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware.
The vulnerabilities have been codenamed
09 August 2025
Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions.
Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called Echo Chamber with narrative-driven steering to trick the model into producing undesirable
09 August 2025
Researchers showed how flaws in a bus’ onboard and remote systems can be exploited by hackers for tracking, control and spying.
The post Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking appeared first on SecurityWeek.
09 August 2025
Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them.
The 14 vulnerabilities, collectively named Vault Fault, affect CyberArk Secrets Manager, Self-Hosted, and
08 August 2025
A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients.
08 August 2025
Researchers demonstrate how multi-turn “storytelling” attacks bypass prompt-level filters, exposing systemic weaknesses in GPT-5’s defenses.
The post Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise appeared first on SecurityWeek.
08 August 2025
Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
The post CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds appeared first on SecurityWeek.