Latest Cybersecurity News and Articles

---

AppSignal Raises $22 Million for Application Monitoring Solution

Application performance monitoring provider AppSignal has raised $22 million in a Series A funding round led by Elsewhere Partners. The post AppSignal Raises $22 Million for Application Monitoring Solution appeared first on SecurityWeek.

---

Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day

At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft. The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on SecurityWeek.

---

Second OttoKit Vulnerability Exploited to Hack WordPress Sites

Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges. The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.

---

US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations

The US government warns of threat actors targeting ICS/SCADA systems at oil and natural gas organizations. The post US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations appeared first on SecurityWeek.

---

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the open-source registry.

---

41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise

The NATO Cooperative Cyber Defence Centre of Excellence in Estonia is hosting the Locked Shields 2025 cyber defense exercise. The post 41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise appeared first on SecurityWeek.

---

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally. WhatsApp originally filed the lawsuit against NSO Group in 2019,

---

Hackers Claim To Steal Files From App Used by Trump Adviser

Hackers have claimed to steal messages from TeleMessage, an app apparently used by Trump’s former national security adviser. 

---

New assurance initiatives to help boost confidence in cyber resilience

Two initiatives designed to raise national cyber resilience announced at the NCSC's CYBERUK 2025 conference.

---

Applying the OODA Loop to Solve the Shadow AI Problem

By taking immediate actions, organizations can ensure that shadow AI is prevented and used constructively where possible. The post Applying the OODA Loop to Solve the Shadow AI Problem appeared first on SecurityWeek.

---

32% of Employees Using AI Hide It From Their Employer

A new report shows how employees are leveraging technology in the workplace for greater autonomy and flexibility. 

---

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks. The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command

---

Ransomware Attacks Declined in April — Why?

Research found less ransomware attacks in April compared to to previous months in 2025. 

---

UK pioneering global move away from passwords

Government to roll out passkey technology across digital services as an alternative to SMS-based verification.

---

FTC Findings Show That Consumers Lost 470 Million to Text Scams

Recent data from the Federal Trade Commission (FTC) found that consumers lost $470 million to text message-based scams. This amount is five times higher than what was reported in 2020.

---

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes). The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox. The attacks have been observed to lure victims with bogus

---

Hacker Conversations: John Kindervag, a Making not Breaking Hacker

John Kindervag is best known for developing the Zero Trust Model. He is a hacker, but not within our common definition of a hacker today. The post Hacker Conversations: John Kindervag, a Making not Breaking Hacker appeared first on SecurityWeek.

---

Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise

Threat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability. The post Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise appeared first on SecurityWeek.

---

US Charges Yemeni Man for Black Kingdom Ransomware Attacks

Rami Khaled Ahmed, a 36-year-old from Yemen, has been charged for launching ransomware attacks between 2021 and 2023. The post US Charges Yemeni Man for Black Kingdom Ransomware Attacks appeared first on SecurityWeek.

---

Samsung MagicINFO Vulnerability Exploited Days After PoC Publication

Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published. The post Samsung MagicINFO Vulnerability Exploited Days After PoC Publication appeared first on SecurityWeek.