Latest Cybersecurity News and Articles
23 September 2025
Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image.
The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are
23 September 2025
Binarly researchers have found a way to bypass a patch for a previously disclosed vulnerability.
The post Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack appeared first on SecurityWeek.
23 September 2025
Law enforcement authorities in Europe have arrested five suspects in connection with an "elaborate" online investment fraud scheme that stole more than €100 million ($118 million) from over 100 victims in France, Germany, Italy, and Spain.
According to Eurojust, the coordinated action saw searches in five places across Spain and Portugal, as well as in Italy, Romania and Bulgaria. Bank accounts
23 September 2025
CVE-2025-26399 is a patch bypass of CVE-2024-28988, which is a patch bypass of the exploited CVE-2024-28986.
The post SolarWinds Makes Third Attempt at Patching Exploited Vulnerability appeared first on SecurityWeek.
23 September 2025
The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security.
"This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites," the Secret
23 September 2025
SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on susceptible systems.
The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of untrusted data that could result in code execution. It affects
23 September 2025
The company will expand its platform’s capabilities and accelerate investigative collaboration and go-to-market efforts.
The post Unit 221B Raises $5 Million for Threat Intel Aiding Hacker Arrests appeared first on SecurityWeek.
23 September 2025
The strength of responsible disclosure is that it can solve problems before they are actioned. The weakness is that it potentially generates a false sense of security in the vendor.
The post All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher appeared first on SecurityWeek.
23 September 2025
Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of America has shed 88,000 employees since 2010, and Verizon's CEO recently boasted that headcount is "going down all the time." What was once a sign of corporate distress has become a badge of honor, with executives celebrating lean operations and AI-driven
23 September 2025
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest.
The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes
23 September 2025
A new ranking of Model Context Protocol weaknesses highlights critical risks—from prompt injection to command injection—and provides a roadmap for securing the foundations of agentic AI.
The post Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited appeared first on SecurityWeek.
23 September 2025
The botnet’s operators provide customers with access to an infected network of Docker containers so they can conduct DDoS attacks.
The post ShadowV2 DDoS Service Lets Customers Self-Manage Attacks appeared first on SecurityWeek.
23 September 2025
The juvenile suspect surrendered on September 17 and was booked on computer intrusion, extortion, and identity theft charges.
The post Scattered Spider Suspect Arrested in US appeared first on SecurityWeek.
23 September 2025
GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack.
This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA),
23 September 2025
The company says customer contact information was stolen from a third-party service provider’s platform.
The post Automotive Titan Stellantis Discloses Data Breach appeared first on SecurityWeek.
23 September 2025
Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam.
The activity, dubbed Operation Rewrite, is being tracked by Palo Alto Networks Unit 42 under the moniker CL-UNK-1037, where "
23 September 2025
A cyberattack disrupted operations in European airports. Cyber experts are sharing their insights.
22 September 2025
Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025.
The activity primarily targeted industrial, financial, tourism, biotechnology, research, and trade sectors, cybersecurity company F6 said in an analysis published last week.
The attack chain involves
22 September 2025
The Canada-based company has emerged from stealth with autonomous AI agents designed to manage and operate the security and IT stack.
The post Mycroft Raises $3.5 Million for AI-Powered Security and Compliance Platform appeared first on SecurityWeek.
22 September 2025
A data hub for the DHS exposed sensitive information.