Latest Cybersecurity News and Articles
10 April 2025
Law enforcement agencies in multiple countries have announced the arrests of users of the malicious Smokeloader botnet.
The post Europol Targets Customers of Smokeloader Pay-Per-Install Botnet appeared first on SecurityWeek.
10 April 2025
Research has shown a recent increase in email bombing attacks.
10 April 2025
Trump orders a termination of any active security clearances held by Krebs and a suspension of clearances held by individuals at SentinelOne.
The post Trump Revokes Security Clearance for Ex-CISA Director Chris Krebs appeared first on SecurityWeek.
10 April 2025
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk.
The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
10 April 2025
Juniper Networks has patched two dozen vulnerabilities in Junos OS and Junos OS Evolved, and dozens of flaws in Junos Space third-party dependencies.
The post Juniper Networks Patches Dozens of Junos Vulnerabilities appeared first on SecurityWeek.
10 April 2025
Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what's seen as a sneakier attempt to stage a software supply chain attack.
The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in
10 April 2025
Routers are the riskiest devices in enterprise networks as they contain the most critical vulnerabilities, a new Forescout report shows.
The post Study Identifies 20 Most Vulnerable Connected Devices of 2025 appeared first on SecurityWeek.
10 April 2025
Overview of the PlayPraetor Masquerading Party Variants
CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.
As before, all the newly discovered play
10 April 2025
GitHub security campaigns make it easier for developers and security teams to collaborate on fixing vulnerabilities in their applications.
The post GitHub Announces General Availability of Security Campaigns appeared first on SecurityWeek.
10 April 2025
AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They're no longer just tools,
10 April 2025
The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel.
The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious activity detected on
10 April 2025
Researchers find vulnerabilities that can be exploited to remotely take control of a Nissan Leaf’s functions, including physical controls.
The post Nissan Leaf Hacked for Remote Spying, Physical Takeover appeared first on SecurityWeek.
10 April 2025
Sensata has informed the SEC that shipping, manufacturing and other operations have been impacted by a ransomware attack.
The post Operations of Sensor Giant Sensata Disrupted by Ransomware Attack appeared first on SecurityWeek.
10 April 2025
Law enforcement authorities have announced that they tracked down the customers of the SmokeLoader malware and detained at least five individuals.
"In a coordinated series of actions, customers of the Smokeloader pay-per-install botnet, operated by the actor known as 'Superstar,' faced consequences such as arrests, house searches, arrest warrants or 'knock and talks,'" Europol said in a
10 April 2025
CAPTCHA-evading Python framework AkiraBot has spammed over 80,000 websites with AI-generated spam messages.
The post ‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages appeared first on SecurityWeek.
10 April 2025
Cybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that's used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO.
"AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September
10 April 2025
Security leaders share their thoughts on the NSA director dismissal, providing insights as to why it may have occurred.
09 April 2025
Google plans to unleash automated AI agents into overtaxed SOCs to reduce the manual workload for cybersecurity investigators.
The post Google Targets SOC Overload With Automated AI Alert and Malware Analysis Tools appeared first on SecurityWeek.
09 April 2025
The greatest security policies in the world are useless if enterprises don’t have a reasonable, consistent, and reliable way to implement them.
The post Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy appeared first on SecurityWeek.
09 April 2025
Agentic AI has improved spear phishing effectiveness by 55% since 2023, research shows.
The post AI Now Outsmarts Humans in Spear Phishing, Analysis Shows appeared first on SecurityWeek.