Latest Cybersecurity News and Articles
Files Deleted From GitHub Repos Leak Valuable Secrets
23 April 2025
A security researcher has discovered hundreds of leaked secrets by restoring files deleted from GitHub repositories.
The post Files Deleted From GitHub Repos Leak Valuable Secrets appeared first on SecurityWeek.
Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices
23 April 2025
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software.
"The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in an
Miggo Security Banks $17M Series A for ADR Technology
23 April 2025
Israeli runtime application security startups closes a $17 million Series A round led by Florida‑based SYN Ventures and YL Ventures.
The post Miggo Security Banks $17M Series A for ADR Technology appeared first on SecurityWeek.
Picnic Corporation Rebrands to VanishID, Raises $10 Million
23 April 2025
Picnic Corporation has rebranded to VanishID and announced the launch of a CEO privacy and security offering.
The post Picnic Corporation Rebrands to VanishID, Raises $10 Million appeared first on SecurityWeek.
Three Reasons Why the Browser is Best for Stopping Phishing Attacks
23 April 2025
Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before.
Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
23 April 2025
Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025.
The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code
Kelly Benefits Data Breach Impacts 260,000 People
23 April 2025
Benefits and payroll solutions provider Kelly Benefits has disclosed a data breach impacting more than 260,000 individuals.
The post Kelly Benefits Data Breach Impacts 260,000 People appeared first on SecurityWeek.
Cyberattack Hits British Retailer Marks & Spencer
23 April 2025
British retailer Marks & Spencer has been experiencing certain service disruptions after falling victim to a cyberattack.
The post Cyberattack Hits British Retailer Marks & Spencer appeared first on SecurityWeek.
Data Breach at Onsite Mammography Impacts 350,000
23 April 2025
Massachusetts medical firm Onsite Mammography discloses data breach impacting the personal information of 350,000 patients.
The post Data Breach at Onsite Mammography Impacts 350,000 appeared first on SecurityWeek.
Terra Security Raises $8M for Agentic AI Penetration Testing Platform
23 April 2025
Cybersecurity startup Terra Security has raised $8 million in seed funding from SYN Ventures, FXP Ventures, and Underscore VC.
The post Terra Security Raises $8M for Agentic AI Penetration Testing Platform appeared first on SecurityWeek.
Korean Telco Giant SK Telecom Hacked
23 April 2025
SK Telecom, South Korea’s largest telecom company, disclosed a data leak involving a malware infection.
The post Korean Telco Giant SK Telecom Hacked appeared first on SecurityWeek.
Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
23 April 2025
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys.
The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.
Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito
23 April 2025
Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative.
"We've made the decision to maintain our current approach to offering users third-party cookie choice in Chrome, and will not be rolling out a new standalone prompt for third-party cookies," Anthony Chavez, vice president of Privacy
Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
22 April 2025
Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency.
The activity cluster, per Darktrace and Cado Security, represents a shift from other cryptojacking campaigns that directly deploy miners like XMRig to illicitly profit off the compute resources.
This involves deploying a malware strain
University of Michigan faces lawsuit due hacking and privacy breach
22 April 2025
The University of Michigan is facing a class action lawsuit due to the actions of a former football coach, Matt Weiss, who is accused of exposing the private images and videos of thousands of student-athletes.
Cloud Data Security Play Sentra Raises $50 Million Series B
22 April 2025
Sentra has now raised north of $100 million for controls technology to keep sensitive data out of misconfigured AI workflows.
The post Cloud Data Security Play Sentra Raises $50 Million Series B appeared first on SecurityWeek.
DataKrypto Launches Homomorphic Encryption Framework to Secure Enterprise AI Models
22 April 2025
DataKrypto’s FHEnom for AI combines real-time homomorphic encryption with trusted execution environments to protect enterprise data and models from leakage, exposure, and tampering.
The post DataKrypto Launches Homomorphic Encryption Framework to Secure Enterprise AI Models appeared first on SecurityWeek.
Cyberattack Knocks Texas City’s Systems Offline
22 April 2025
The city of Abilene, Texas, is scrambling to restore systems that have been taken offline in response to a cyberattack.
The post Cyberattack Knocks Texas City’s Systems Offline appeared first on SecurityWeek.
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
22 April 2025
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow.
"This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which
Ofcom closes technical loophole used by criminals to intercept mobile calls and texts
22 April 2025
Regulator acts on leasing of ‘global title’ numbers after industry efforts to tackle problem were ineffectiveThe UK communications regulator is banning mobile operators from leasing numbers that can be used by criminals to intercept and divert calls and messages, including security codes sent by banks to customers.Ofcom said it would stop the leasing of “global titles”, special types of phone numbers used by mobile networks to support services to make sure messages and calls reach the intended recipient. Continue reading...