Latest Cybersecurity News and Articles
25 April 2025
Software and AI supply chain transparency firm Manifest has raised $15 million in a Series A funding round led by Ensemble VC.
The post Manifest Raises $15 Million for SBOM Management Platform appeared first on SecurityWeek.
25 April 2025
Verizon Business has released its 2025 Data Breach Investigations Report.
25 April 2025
Noteworthy stories that might have slipped under the radar: former Disney employee sent to prison for hacking, MITRE releases ATT&CK v17, DDoS botnet powered by 1.3 million devices.
The post In Other News: Prison for Disney Hacker, MITRE ATT&CK v17, Massive DDoS Botnet appeared first on SecurityWeek.
25 April 2025
Multiple South Korean organizations across industries have been targeted in a recent Lazarus campaign dubbed Operation SyncHole.
The post South Korean Companies Targeted by Lazarus via Watering Hole Attacks, Zero-Days appeared first on SecurityWeek.
25 April 2025
Hundreds of companies are showcasing their products and services next week at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 2) appeared first on SecurityWeek.
25 April 2025
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.
"The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week.
The cybersecurity
25 April 2025
When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs).
At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.
25 April 2025
A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.
The post SAP Zero-Day Possibly Exploited by Initial Access Broker appeared first on SecurityWeek.
25 April 2025
A new attack technique named Policy Puppetry can break the protections of major gen-AI models to produce harmful outputs.
The post All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack appeared first on SecurityWeek.
25 April 2025
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions.
The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below -
CVE-2025-27610 (CVSS score: 7.5) - A path traversal
25 April 2025
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS).
The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma
24 April 2025
Hundreds of companies are showcasing their products and services at the 2025 edition of the RSA Conference in San Francisco.
The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 1) appeared first on SecurityWeek.
24 April 2025
Jericho Security has raised $15 million in Series A funding for its AI-powered employee cybersecurity training platform.
The post Jericho Security Gets $15 Million for AI-Powered Awareness Training appeared first on SecurityWeek.
24 April 2025
Of the threat groups tracked by Mandiant, 55% of threat groups active in 2024 were financially motivated, which marks a steady increase from 2023.
24 April 2025
The latest Verizon DBIR landed this week with a startling statistic about the security posture of VPNs and network edge devices.
The post Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances appeared first on SecurityWeek.
24 April 2025
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole.
The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in
24 April 2025
Push Security has raised $30 million in Series B funding to scale its browser-based identity security platform.
The post Push Security Raises $30 Million in Series B Funding appeared first on SecurityWeek.
24 April 2025
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024.
"We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in a report shared with The Hacker News.
This translates to 45 security flaws that have been weaponized
24 April 2025
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring.
This causes a "major blind spot in Linux runtime security tools," ARMO said.
"This mechanism allows a user application to perform various actions without using system calls," the company said in
24 April 2025
AI-powered threat prevention company Augur (rebranded from SecLytics) has raised $7 million in seed funding.
The post SecLytics Rebrands as Augur Security, Raises $7M in Seed Funding appeared first on SecurityWeek.