Latest Cybersecurity News and Articles
22 August 2025
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace.
Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays,
22 August 2025
CPAP Medical Supplies and Services has disclosed a data breach resulting from an intrusion that occurred in December 2024.
The post CPAP Medical Data Breach Impacts 90,000 People appeared first on SecurityWeek.
22 August 2025
AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check.
The post AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure appeared first on SecurityWeek.
22 August 2025
Between June and August, over 300 entities were targeted with the Atomic macOS Stealer via malvertising.
The post Hundreds Targeted in New Atomic macOS Stealer Campaign appeared first on SecurityWeek.
22 August 2025
MITRE has updated the list of Most Important Hardware Weaknesses to align it with evolving hardware security challenges.
The post MITRE Updates List of Most Common Hardware Weaknesses appeared first on SecurityWeek.
22 August 2025
A 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer's network with custom malware and deploying a kill switch that locked out employees when his account was disabled.
Davis Lu, 55, of Houston, Texas, was convicted of causing intentional damage to protected computers in March 2025. He was arrested and
21 August 2025
Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances.
The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows:
CVE-2025-57788 (CVSS score: 6.9) - A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user
21 August 2025
Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3.
Google-owned Mandiant described the activity, which it tracks as UNC5518, as part of an access-as-a-service scheme that employs fake CAPTCHA pages as lures to trick users into providing initial access to their systems, which is then
21 August 2025
An attack campaign is exploiting Virtual Private Server (VPS) infrastructure.
21 August 2025
Colt Technology Services is working on restoring systems disrupted by a ransomware attack that involved data theft.
The post Telecom Firm Colt Confirms Data Breach as Ransomware Group Auctions Files appeared first on SecurityWeek.
21 August 2025
Noah Urban was sentenced to 10 years in prison for his role in the notorious cybercriminal operation known as Scattered Spider.
The post Scattered Spider Hacker Sentenced to Prison appeared first on SecurityWeek.
21 August 2025
A researcher has tested nearly a dozen password managers and found that they were all vulnerable to clickjacking attacks.
The post Password Managers Vulnerable to Data Theft via Clickjacking appeared first on SecurityWeek.
21 August 2025
To commemorate the 29th anniversary of HIPAA, experts share their perspectives on modern privacy threats and how healthcare organizations can bolster security.
21 August 2025
Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171.
The post Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI appeared first on SecurityWeek.
21 August 2025
Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that has been used since November 2024 in email spam campaigns to deliver an array of next-stage payloads ranging from information stealers to remote access trojans.
Some of the notable malware families distributed using QuirkyLoader include Agent Tesla, AsyncRAT, Formbook, Masslogger, Remcos RAT,
21 August 2025
As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren't from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector, Picus Security's Blue Report 2025 shows that organizations continue to struggle with preventing
21 August 2025
Orange Belgium says hackers accessed data pertaining to 850,000 customer accounts during a July cyberattack.
The post Orange Belgium Data Breach Impacts 850,000 Customers appeared first on SecurityWeek.
21 August 2025
Apple has rolled out iOS and macOS updates that resolve a zero-day vulnerability exploited in highly targeted attacks.
The post Apple Patches Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.
21 August 2025
A 20-year-old member of the notorious cybercrime gang known as Scattered Spider has been sentenced to ten years in prison in the U.S. in connection with a series of major hacks and cryptocurrency thefts.
Noah Michael Urban pleaded guilty to charges related to wire fraud and aggravated identity theft back in April 2025. News of Urban's sentencing was reported by Bloomberg and Jacksonville news
21 August 2025
Research reveals a shift in consumer behavior in regard to data privacy.