Latest Cybersecurity News and Articles
02 May 2025
Hundreds of companies showcased their products and services this week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 Announcement Summary (Day 3) appeared first on SecurityWeek.
02 May 2025
Microsoft is prioritizing passwordless sign-in and sign-up methods, and is making new accounts passwordless by default.
The post Microsoft Accounts Go Passwordless by Default appeared first on SecurityWeek.
02 May 2025
The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver.
"MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in a report shared with The Hacker News.
"The malware employs sandbox and virtual machine evasion techniques, a domain
02 May 2025
Ukrainian national Artem Stryzhak was extradited to the US and charged with using Nefilim ransomware in attacks on large businesses.
The post Ukrainian Nefilim Ransomware Affiliate Extradited to US appeared first on SecurityWeek.
02 May 2025
A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default.
"Brand new Microsoft accounts will now be 'passwordless by default,'" Microsoft's Joy Chik and Vasu Jakkal said. "New users will have several passwordless options for
02 May 2025
Patrick Opet, CISO at JPMorgan Chase & Co., writes open letter to third-party suppliers.
01 May 2025
A employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.
01 May 2025
The latest statement from the NCSC regarding the cyber incident impacting UK retailers
01 May 2025
520,054 records were exposed in ticket reseller breach.
01 May 2025
Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin.
The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code.
"Pinging functionality that can report back to a command-and-control (C&C) server
01 May 2025
The Global Risk Survey from AlixPartners found that 61% or more organizations are not sufficiently prepared to address critical risks.
01 May 2025
Nova Scotia Power and Emera are responding to a cybersecurity incident that impacted IT systems and networks.
The post Canadian Electric Utility Hit by Cyberattack appeared first on SecurityWeek.
01 May 2025
The advantages AI tools deliver in speed and efficiency are impossible for developers to resist. But the complexity and risk created by AI-generated code can’t be ignored.
The post Year of the Twin Dragons: Developers Must Slay the Complexity and Security Issues of AI Coding Tools appeared first on SecurityWeek.
01 May 2025
A recent Cymulate report found that 71% of those surveyed consider threat exposure validation to be “absolutely essential.”
01 May 2025
Commvault provides indicators of compromise and mitigation guidance after a zero-day exploit targeting its Azure environment lands in CISA’s KEV catalog.
The post Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment appeared first on SecurityWeek.
01 May 2025
Security Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of these “invisible intruders” is driving a significant need for a multi-layered approach to detecting threats,
01 May 2025
ESET has analyzed Spellbinder, the IPv6 SLAAC spoofing tool Chinese APT TheWizards uses to deploy its WizardNet backdoor.
The post Chinese APT’s Adversary-in-the-Middle Tool Dissected appeared first on SecurityWeek.
01 May 2025
Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X.
The sophisticated activity, branded as financially-motivated, is said to have used its AI tool to orchestrate 100 distinct persons on the two social media platforms, creating a
01 May 2025
In a world full of noise and promises, it’s those who consistently deliver behind the scenes who build the most respected and rewarding careers.
The post Actions Over Words: Career Lessons for the Security Professional appeared first on SecurityWeek.
01 May 2025
SonicWall has updated the advisories for two vulnerabilities to warn that they are being exploited in the wild.
The post SonicWall Flags Two More Vulnerabilities as Exploited appeared first on SecurityWeek.