Latest Cybersecurity News and Articles
28 April 2025
Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents.
1. Stealing AWS Credentials with a Redirect
Server-Side Request Forgery (SSRF) is a
28 April 2025
Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 3) appeared first on SecurityWeek.
28 April 2025
MTN Group says the personal information of certain customers was compromised in a cybersecurity incident.
The post African Telecom Giant MTN Group Discloses Data Breach appeared first on SecurityWeek.
28 April 2025
Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024.
The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the
28 April 2025
Oregon’s environmental agency won’t say if a group of hackers stole data in a cyberattack that was first announced earlier this month.
The post Oregon Agency Won’t Say If Hackers Stole Data in Cyberattack appeared first on SecurityWeek.
28 April 2025
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead.
WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to breach sites running
28 April 2025
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access.
The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities -
CVE-2024-58136 (CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP
28 April 2025
Explore industry moves and significant changes in the industry for the week of April 28, 2025. Stay updated with the latest industry trends and shifts.
28 April 2025
Internet crime losses exceeded $16 billion in 2024.
27 April 2025
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year.
"The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis.
The tech giant noted that
26 April 2025
Cynomi announced a new $37 million Series B funding to grow its AI-powered vCISO platform for MSPs and MSSPs.
The post Cynomi Raises $37 Million Series B to Expand Its vCISO Platform appeared first on SecurityWeek.
26 April 2025
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.
The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN).
"LAGTOY can be
25 April 2025
SquareX offers what it has dubbed a “Browser Detection and Response (BDR)” solution.
The post Browser Security Firm SquareX Raises $20 Million appeared first on SecurityWeek.
25 April 2025
21,344 medical records with sensitive patient information were exposed.
25 April 2025
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process.
"In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread
25 April 2025
Venables has served as CISO and security executive across several large organizations, including Google Cloud, Goldman Sachs, Deutsche Bank.
The post Former Google Cloud CISO Phil Venables Joins Ballistic Ventures appeared first on SecurityWeek.
25 April 2025
Lattica has raised $3.25 million in pre-seed funding for a platform that uses FHE to enable AI models to process encrypted data.
The post Lattica Emerges From Stealth With FHE Platform for AI appeared first on SecurityWeek.
25 April 2025
Mandiant’s latest threat report shows how attackers adapt faster than defenses, shifting strategies toward credential theft and insider threats.
The post M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat appeared first on SecurityWeek.
25 April 2025
With over 12,000 breaches analyzed, this year’s DBIR reveals a landscape shaped by not just individual threats, but by entire economies of compromise.
The post Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy appeared first on SecurityWeek.
25 April 2025
AI-powered threat protection startup Scamnetic has raised $13 million in a Series A funding round led by Roo Capital.
The post Scamnetic Raises $13 Million to Prevent Scams in Real Time appeared first on SecurityWeek.