Latest Cybersecurity News and Articles
18 April 2025
Data protection firm Cy4Data Labs has raised $10 million in a Series A funding round led by Pelion Venture Partners.
The post Cy4Data Labs Raises $10 Million to Secure Data in Use appeared first on SecurityWeek.
18 April 2025
Legends International says the personal information of employees and customers was compromised as a result of a cyberattack.
The post Live Events Giant Legends International Hacked appeared first on SecurityWeek.
18 April 2025
Ahold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack.
The post Ahold Delhaize Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.
18 April 2025
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is.
If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And
18 April 2025
A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.
The post Fresh Windows NTLM Vulnerability Exploited in Attacks appeared first on SecurityWeek.
18 April 2025
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States.
"From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.
18 April 2025
CISA has released guidance on managing credential risks, prompted by the potential compromise of a legacy Oracle cloud environment.
18 April 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
17 April 2025
Minh Phuong Ngoc Vong pleaded guilty to defrauding US companies of roughly $1 million in a fake IT worker scheme.
The post Man Helped Chinese Nationals Get Jobs Involving Sensitive US Government Projects appeared first on SecurityWeek.
17 April 2025
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware.
This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
17 April 2025
Although MITRE’s contact has been extended for 11 more months, uncertainty remains un the cyber community.
17 April 2025
While the Security Posture Management buzz is real, its long-term viability depends on whether it can deliver measurable outcomes without adding more complexity.
The post Demystifying Security Posture Management appeared first on SecurityWeek.
17 April 2025
Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.
The post Vulnerabilities Patched in Atlassian, Cisco Products appeared first on SecurityWeek.
17 April 2025
Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH.
The post Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking appeared first on SecurityWeek.
17 April 2025
Security leaders discuss the results of a ransomware attack against DaVita, including operational disruptions and stock market impacts.
17 April 2025
Our collective voices and one community will provide the intelligence we need to safeguard our businesses in today’s modern digital environment.
The post Why ‘One Community’ Resonates in Cybersecurity appeared first on SecurityWeek.
17 April 2025
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025.
The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater,
17 April 2025
Talking about AI: Definitions
Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing various technologies and methodologies, including Machine Learning (ML) and Deep Learning.
Machine
17 April 2025
CISA is making recommendations for organizations and users in light of the recent Oracle legacy cloud environment hack.
The post CISA Issues Guidance After Oracle Cloud Hack appeared first on SecurityWeek.
17 April 2025
The Chinese state-sponsored group Mustang Panda has used new and updated malicious tools in a recent attack.
The post Chinese APT Mustang Panda Updates, Expands Arsenal appeared first on SecurityWeek.