Latest Cybersecurity News and Articles
27 August 2025
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock.
Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-time. The open-weight language model was released by OpenAI earlier this month.
"PromptLock
27 August 2025
AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication.
The post Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect appeared first on SecurityWeek.
27 August 2025
Google says the hackers systematically exported corporate data, focusing on secrets such as AWS and Snowflake keys.
The post Hundreds of Salesforce Customers Hit by Widespread Data Theft Campaign appeared first on SecurityWeek.
27 August 2025
Google researchers say China-linked UNC6384 combined social engineering, signed malware, and adversary-in-the-middle attacks to evade detection.
The post China-Linked Hackers Hijack Web Traffic to Deliver Backdoor appeared first on SecurityWeek.
27 August 2025
An Apache ActiveMQ flaw is being actively exploited. Then, it’s being patched by the actors who leveraged it.
27 August 2025
Anthropic on Wednesday revealed that it disrupted a sophisticated operation that weaponized its artificial intelligence (AI)-powered chatbot Claude to conduct large-scale theft and extortion of personal data in July 2025.
"The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and government, and religious institutions," the company said. "
27 August 2025
The NCSC and international partners share technical details of malicious activities and urge organisations to take mitigative actions.
27 August 2025
A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC).
According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration. The hacking group shares toolset and infrastructural overlaps with campaigns undertaken by threat
27 August 2025
State websites and phone lines were taken offline, but officials say emergency services and personal data remain unaffected.
The post Nevada State Offices Closed Following Disruptive Cyberattack appeared first on SecurityWeek.
27 August 2025
Competition among malware-as-a-service developers has transformed infostealers into refined, accessible tools for cybercriminals worldwide.
The post Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime appeared first on SecurityWeek.
27 August 2025
Zero-day exploited in the wild forces Citrix and CISA to push emergency patch deadlines for federal agencies.
The post Citrix Patches Exploited NetScaler Zero-Day appeared first on SecurityWeek.
27 August 2025
Proof-of-concept ransomware uses AI models to generate attack scripts in real time.
The post PromptLock: First AI-Powered Ransomware Emerges appeared first on SecurityWeek.
27 August 2025
Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place.
For CISOs and security leaders like you, the challenge is clear: you don’t want to slow AI adoption down, but you must make it safe. A policy sent company-wide will not cut it.
27 August 2025
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent.
The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence Group and Mandiant, tracked as UNC6395.
"Beginning as early as
27 August 2025
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025.
These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligence firm is tracking the activity under
26 August 2025
Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild.
The vulnerabilities in question are listed below -
CVE-2025-7775 (CVSS score: 9.2) - Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service
CVE-2025-7776 (CVSS score: 8.8) - Memory overflow
26 August 2025
A team of academics has devised a novel attack that can be used to downgrade a 5G connection to a lower generation without relying on a rogue base station (gNB).
The attack, per the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), relies on a new open-source software toolkit named Sni5Gect (short for "Sniffing 5G Inject") that's
26 August 2025
A new report reveals a disconnect between the organizational use of AI and AI security.
26 August 2025
Building secure AI agent systems requires a disciplined engineering approach focused on deliberate architecture and human oversight.
The post Beyond the Prompt: Building Trustworthy Agent Systems appeared first on SecurityWeek.
26 August 2025
The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they'd made with company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor's high-speed Internet connection in the United States. This post examines the history and provenance of DSLRoot, one of the oldest "residential proxy" networks with origins in Russia and Eastern Europe.