Latest Cybersecurity News and Articles
15 August 2025
We used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a world where artificial agents are becoming autonomous actors — interacting with data, systems, and humans without constant oversight — privacy is no longer about control. It’s about trust. And trust, by definition, is about what happens when you’re not looking.
Agentic AI — AI that
15 August 2025
With cybersecurity budgets strained, organizations are turning to AI-powered automation to plug staffing gaps, maintain defenses, and survive escalating threats.
The post Tight Cybersecurity Budgets Accelerate the Shift to AI-Driven Defense appeared first on SecurityWeek.
15 August 2025
Android pKVM has achieved SESIP Level 5 certification, which means it’s resistant to highly skilled, motivated, and funded attackers.
The post Google Says Android pKVM Earns Highest Level of Security Assurance appeared first on SecurityWeek.
15 August 2025
Rockwell Automation has published several advisories describing critical and high-severity vulnerabilities affecting its products.
The post Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products appeared first on SecurityWeek.
15 August 2025
Cisco has released over 20 advisories as part of its August 2025 bundled publication for ASA, FMC and FTD products.
The post Cisco Patches Critical Vulnerability in Firewall Management Platform appeared first on SecurityWeek.
15 August 2025
Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems.
The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject
14 August 2025
New data reveals insights into AI adoption in the workplace.
14 August 2025
Multiple HTTP/2 implementations have been found susceptible to a new attack technique called MadeYouReset that could be explored to conduct powerful denial-of-service (DoS) attacks.
"MadeYouReset bypasses the typical server-imposed limit of 100 concurrent HTTP/2 requests per TCP connection from a client. This limit is intended to mitigate DoS attacks by restricting the number of simultaneous
14 August 2025
Path traversal and XXE injection flaws allowing unauthenticated remote code execution have been patched in Xerox FreeFlow Core.
The post Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution appeared first on SecurityWeek.
14 August 2025
Japan's CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system control.
The agency said the activity was detected between September and December 2024, targeting
14 August 2025
CISA reported becoming aware of attacks exploiting CVE-2025-8875 and CVE-2025-8876 in N-able N-central on the day they were patched.
The post CISA Warns of Attacks Exploiting N-able Vulnerabilities appeared first on SecurityWeek.
14 August 2025
Enterprise passwords have become increasingly vulnerable in the past year.
14 August 2025
You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse.
Your
14 August 2025
The new DDoS attack vector, which involves HTTP/2 implementation flaws, has been compared to Rapid Reset.
The post ‘MadeYouReset’ HTTP2 Vulnerability Enables Massive DDoS Attacks appeared first on SecurityWeek.
14 August 2025
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil.
"PhantomCard relays NFC data from a victim's banking card to the fraudster's device," ThreatFabric said in a report. "PhantomCard is based on
14 August 2025
Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing ™ can eliminate entire categories of risk. From disabling Office macros to blocking outbound server
14 August 2025
Researchers at enterprise browser security firm SquareX showed how an attacker can impersonate a user and bypass passkey security.
The post Passkey Login Bypassed via WebAuthn Process Manipulation appeared first on SecurityWeek.
14 August 2025
Google said it's implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 jurisdictions in order to "ensure a safe and compliant ecosystem for users."
The policy applies to markets like Bahrain, Canada, Hong Kong, Indonesia, Israel, Japan, the Philippines, South Africa, South Korea, Switzerland, Thailand,
14 August 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure
13 August 2025
During the April incident, hackers gained access to a digital system which remotely controls one of the dam’s valves and opened it to increase the water flow.
The post Norwegian Police Say Pro-Russian Hackers Were Likely Behind Suspected Sabotage at a Dam appeared first on SecurityWeek.