Latest Cybersecurity News and Articles

---

Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products

Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023.  Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances. "Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for

---

CISA Warns of Exploited Broadcom, Commvault Vulnerabilities

CISA urges immediate patching for recently disclosed Broadcom, Commvault, and Qualitia vulnerabilities exploited in the wild. The post CISA Warns of Exploited Broadcom, Commvault Vulnerabilities appeared first on SecurityWeek.

---

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur

---

‘Source of data’: are electric cars vulnerable to cyber spies and hackers?

British defence firms have reportedly warned staff not to connect their phones to Chinese-made EVsMobile phones and desktop computers are longstanding targets for cyber spies – but how vulnerable are electric cars?On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with Chinese-made electric cars, due to fears that Beijing could extract sensitive data from the devices. Continue reading...

---

CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-1976 (CVSS score: 8.6) - A code injection flaw

---

IBM’s $150 Billion US Investment to Boost Quantum Innovation and National Security

IBM will invest more than $30 billion in research and development to advance and continue its American manufacturing of mainframe and quantum computers. The post IBM’s $150 Billion US Investment to Boost Quantum Innovation and National Security appeared first on SecurityWeek.

---

Palo Alto Networks to Acquire AI Security Firm Protect AI

Palo Alto Networks is acquiring AI security company Protect AI in a deal previously estimated at $650-700 million. The post Palo Alto Networks to Acquire AI Security Firm Protect AI appeared first on SecurityWeek.

---

NetFoundry Raises $12 Million for Network Security Solutions

Zero-trust network security solutions provider NetFoundry has raised $12 million in funding from SYN Ventures. The post NetFoundry Raises $12 Million for Network Security Solutions appeared first on SecurityWeek.

---

JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference

This tension between hard-edged risk realism and breathless AI evangelism sets an unmistakable tone for a bellwether conference where 40,000-plus gather to do business.  The post JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference appeared first on SecurityWeek.

---

Nearly 50% of mobile devices run outdated operating systems

Outdated operating systems are run on approximately 50% of mobile devices. 

---

Veza Banks $108 Million Series D at $808 Million Valuation

San Francisco identity security play Veza closes a Series D fund round led by New Enterprise Associates (NEA). The post Veza Banks $108 Million Series D at $808 Million Valuation appeared first on SecurityWeek.

---

Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites

Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites. The post Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites appeared first on SecurityWeek.

---

4 Million Affected by VeriSource Data Breach

VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack. The post 4 Million Affected by VeriSource Data Breach appeared first on SecurityWeek.

---

⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More

What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security

---

5 ICS advisories released by CISA, security leaders discuss

CISA warns of flaws in Siemens, Schneider Electric, and ABB hardware.

---

Critical Vulnerabilities Found in Planet Technology Industrial Networking Products

Planet Technology industrial switches and network management products are affected by several critical vulnerabilities.  The post Critical Vulnerabilities Found in Planet Technology Industrial Networking Products appeared first on SecurityWeek.

---

How Breaches Start: Breaking Down 5 Real Vulns

Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents. 1. Stealing AWS Credentials with a Redirect Server-Side Request Forgery (SSRF) is a

---

RSA Conference 2025 – Pre-Event Announcements Summary (Part 3) 

Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco. The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 3)  appeared first on SecurityWeek.

---

African Telecom Giant MTN Group Discloses Data Breach

MTN Group says the personal information of certain customers was compromised in a cybersecurity incident. The post African Telecom Giant MTN Group Discloses Data Breach appeared first on SecurityWeek.

---

Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools

Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the