Latest Cybersecurity News and Articles
05 May 2025
A 25-year-old has admitted hacking Disney systems and leaking data under the guise of a hacktivist collective named NullBulge.
The post Man Admits Hacking Disney and Leaking Data Disguised as Hacktivist appeared first on SecurityWeek.
05 May 2025
What if attackers aren't breaking in—they're already inside, watching, and adapting?
This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the breach—it’s not knowing who’s still lurking in your
05 May 2025
The DragonForce ransomware group has claimed responsibility for the recent cyberattacks on UK retailers Co-op, Harrods, and M&S.
The post Ransomware Group Claims Attacks on UK Retailers appeared first on SecurityWeek.
05 May 2025
Let’s be honest: if you're one of the first (or the first) security hires at a small or midsize business, chances are you're also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You’re not running a security department. You are THE security department. You're getting pinged about RFPs in one area, and reviewing phishing alerts in another, all while sifting
05 May 2025
PoC code targeting two exploited SonicWall flaws was published just CISA added them to the KEV catalog.
The post PoC Published for Exploited SonicWall Vulnerabilities appeared first on SecurityWeek.
05 May 2025
Thirty-one cybersecurity merger and acquisition (M&A) deals were announced in April 2025.
The post Cybersecurity M&A Roundup: 31 Deals Announced in April 2025 appeared first on SecurityWeek.
05 May 2025
EU privacy watchdog fined TikTok $600 million after a four-year investigation found that data transfers to China put users at risk of spying, in breach of strict EU data privacy rules.
The post TikTok Fined $600 Million for China Data Transfers That Broke EU Privacy Rules appeared first on SecurityWeek.
05 May 2025
The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal.
"TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information," Recorded Future Insikt Group said. "TerraLogger, by contrast
05 May 2025
APTs focusing on the United States increased by 136%.
03 May 2025
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable.
The names of the packages are listed below -
github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy
"Despite appearing legitimate,
03 May 2025
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years.
The activity, which lasted from at least May 2023 to February 2025, entailed "extensive espionage operations and suspected network prepositioning – a tactic often used to maintain persistent access for future
03 May 2025
The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States.
Rami Khaled Ahmed of Sana'a, Yemen, has been charged with one count of conspiracy, one count of intentional damage to a protected computer, and one
02 May 2025
Apple has issued threat notifications to select individuals who it believes may have been targeted by mercenary spyware attacks.
02 May 2025
The US government says defense contractor Raytheon and Nightwing agreed to pay $8.4 million to settle False Claims Act allegations.
The post Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures appeared first on SecurityWeek.
02 May 2025
Ireland's Data Protection Commission (DPC) on Tuesday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China.
"TikTok infringed the GDPR regarding its transfers of EEA [European Economic Area] User Data to China and its transparency requirements," the DPC said in a statement. "
02 May 2025
Noteworthy stories that might have slipped under the radar: NullPoint Stealer source code leaked, researcher earns $17,500 from Apple for vulnerability, BreachForums down after zero-day exploitation by police.
The post In Other News: NullPoint Source Code Leak, $17,500 for iPhone Flaw, BreachForums Down appeared first on SecurityWeek.
02 May 2025
An analysis of more than 19 billion passwords finds that insecure password practices persist.
02 May 2025
Major UK retailers Co-op, Harrods, and M&S are scrambling to restore services that were affected by cyberattacks.
The post UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks appeared first on SecurityWeek.
02 May 2025
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition.
A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike
02 May 2025
Nova Scotia Power’s investigation has shown that the recent cyberattack resulted in the theft of some customer information.
The post Nova Scotia Power Says Hackers Stole Customer Information appeared first on SecurityWeek.