Latest Cybersecurity News and Articles
04 September 2025
An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution.
The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek.
04 September 2025
Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries.
The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek.
04 September 2025
The Israeli startup’s AI-powered no-code platform helps security teams design and deploy custom apps in minutes—tackling tool sprawl without heavy engineering.
The post Sola Security Raises $35M to Bring No-Code App Building to Cybersecurity Teams appeared first on SecurityWeek.
04 September 2025
SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency.
The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek.
04 September 2025
Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.
The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking.
The approach is designed to
04 September 2025
The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules.
Both companies set advertising cookies on users' browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply with
04 September 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild.
The vulnerabilities in question are listed below -
CVE-2023-50224 (CVSS score: 6.5) - An authentication bypass by spoofing vulnerability
04 September 2025
Wytec’s website was defaced twice by unknown threat actors more than a week ago and it has yet to be brought back online.
The post Wytec Expects Significant Financial Loss Following Website Hack appeared first on SecurityWeek.
04 September 2025
Google has observed ViewState deserialization attacks leveraging a sample machine key exposed in older deployment guides.
The post Hackers Exploit Sitecore Zero-Day for Malware Delivery appeared first on SecurityWeek.
04 September 2025
Elevation of privilege flaws in Android Runtime (CVE-2025-48543) and Linux kernel (CVE-2025-38352) have been exploited in targeted attacks.
The post Two Exploited Vulnerabilities Patched in Android appeared first on SecurityWeek.
04 September 2025
A database, in apparent association with the Navy Federal Credit Union, exposed 378 GB of information.
03 September 2025
Co-founded by former MITRE experts, the startup will use the funding to accelerate product innovation and fuel company growth.
The post Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform appeared first on SecurityWeek.
03 September 2025
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.
"The two npm packages abused smart contracts to conceal malicious
03 September 2025
Flaw allows attackers to reset and hijack TP-Link TL-WA855RE devices; CISA urges users to retire discontinued extenders.
The post US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack appeared first on SecurityWeek.
03 September 2025
Chrome's latest release addresses a high-severity use-after-free vulnerability in the V8 JavaScript engine that could be exploited for remote code execution.
The post Google Patches High-Severity Chrome Vulnerability in Latest Update appeared first on SecurityWeek.
03 September 2025
Founded in 2022 to help organizations with the secure deployment of generative-AI utilities, Aim emerged from stealth in January 2024.
The post Cato Networks Acquires AI Security Firm Aim Security appeared first on SecurityWeek.
03 September 2025
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws.
HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,
03 September 2025
Known for her seminal book, A Hacker Manifesto, Wark reframes hacking as a cultural force rooted in play, creativity, and human nature.
The post Hacker Conversations: McKenzie Wark, Author of A Hacker Manifesto appeared first on SecurityWeek.
03 September 2025
A study dives into the data collected by wearable devices to better understand how it is being used.
03 September 2025
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk.
According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access