Latest Cybersecurity News and Articles

---

Cybersecurity M&A Roundup: 44 Deals Announced in July 2025

Forty-four cybersecurity merger and acquisition (M&A) deals were announced in July 2025. The post Cybersecurity M&A Roundup: 44 Deals Announced in July 2025 appeared first on SecurityWeek.

---

Man-in-the-Middle Attack Prevention Guide

Some of the most devastating cyberattacks don’t rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoticed until long after the attacker has disappeared. Among the most insidious are man-in-the-middle (MITM) attacks, where criminals exploit weaknesses in communication protocols to silently position themselves between two unsuspecting parties

---

Northwest Radiologists Data Breach Impacts 350,000 Washingtonians

Northwest Radiologists says the personal information of 350,000 Washington State residents was stolen in a January 2025 data breach. The post Northwest Radiologists Data Breach Impacts 350,000 Washingtonians appeared first on SecurityWeek.

---

The Wild West of Shadow IT

Everyone’s an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don’t need to clear it with your team first. It’s great for productivity, but it’s a serious problem for your security posture. When the floodgates of SaaS and AI opened, IT didn’t just get democratized, its security got outpaced. Employees are onboarding apps faster than

---

Several Vulnerabilities Patched in AI Code Editor Cursor 

Attackers could silently modify sensitive MCP files to trigger the execution of arbitrary code without requiring user approval. The post Several Vulnerabilities Patched in AI Code Editor Cursor  appeared first on SecurityWeek.

---

Gene Sequencing Giant Illumina Settles for $9.8M Over Product Vulnerabilities

Illumina will pay $9.8 million to settle accusations that products provided to the US government were affected by cybersecurity flaws. The post Gene Sequencing Giant Illumina Settles for $9.8M Over Product Vulnerabilities appeared first on SecurityWeek.

---

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic

---

Legal aid cyber-attack has pushed sector towards collapse, say lawyers

Barristers report going unpaid and cases being turned away amid fears firms will desert legal aid work altogetherLawyers have warned that a cyber-attack on the Legal Aid Agency has pushed the sector into chaos, with barristers going unpaid, cases being turned away and fears a growing number of firms could desert legal aid work altogether.In May, the legal aid agency announced that the personal data of hundreds of thousands of legal aid applicants in England and Wales dating back to 2010 had been accessed and downloaded in a significant cyber-attack. Continue reading...

---

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024. The attacks are characterized by the

---

New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft

Cybersecurity researchers have flagged a previously undocumented Linux backdoor dubbed Plague that has managed to evade detection for a year. "The implant is built as a malicious PAM (Pluggable Authentication Module), enabling attackers to silently bypass system authentication and gain persistent SSH access," Nextron Systems researcher Pierre-Henri Pezier said. Pluggable Authentication Modules

---

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs," Arctic Wolf Labs researcher Julian Tuin said in a report. The cybersecurity company

---

Gen Z in the Crosshairs: Cybercriminals Shift Focus to Young, Digital-Savvy Workers

Should Gen Z to be treated as a separate attack surface within your company? The post Gen Z in the Crosshairs: Cybercriminals Shift Focus to Young, Digital-Savvy Workers appeared first on SecurityWeek.

---

54% of Organizations in UK and Ireland Lack Cloud Cost Visibility

A majority of organizations (54%) do not have complete visibility into cloud spends.

---

Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection

Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution. The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed EchoLeak.

---

In Other News: Microsoft Probes ToolShell Leak, Port Cybersecurity, Raspberry Pi ATM Hack

Noteworthy stories that might have slipped under the radar: Microsoft investigates whether the ToolShell exploit was leaked via MAPP, two reports on port cybersecurity, physical backdoor used for ATM hacking attempt. The post In Other News: Microsoft Probes ToolShell Leak, Port Cybersecurity, Raspberry Pi ATM Hack appeared first on SecurityWeek.

---

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. "The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign," Proofpoint said in a Thursday report. The

---

Is There Value in Being a Certified Ethical Hacker? Research Says Yes

A new report provides a comprehensive look at the value of Certified Ethical Hacker (CEH) credentials. 

---

Microsoft Boosts .NET Bounty Program Rewards to $40,000

Valid, complete reports detailing remote code execution or elevation of privilege bugs in .NET qualify for the maximum rewards. The post Microsoft Boosts .NET Bounty Program Rewards to $40,000 appeared first on SecurityWeek.

---

Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft

Russian state-sponsored APT Secret Blizzard has used ISP-level AitM attacks to infect diplomatic devices with malware. The post Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft appeared first on SecurityWeek.

---

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown

Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities for high-performance Node.js applications." It was uploaded to npm by a user named "Kodane" on July 28, 2025. The