Latest Cybersecurity News and Articles
29 July 2025
Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent:
Compromise an endpoint via software exploit, or social engineering a user to run malware on their device;
Find ways to move laterally inside the network and compromise privileged identities;
Repeat as needed until you can execute your desired attack — usually
29 July 2025
The TCC bypass could expose information cached by Apple Intelligence, including geolocation and biometric data.
The post Sploitlight: macOS Vulnerability Leaks Sensitive Information appeared first on SecurityWeek.
29 July 2025
Dropzone AI has announced a Series B funding round led by Theory Ventures to boost its AI SOC solution.
The post Dropzone AI Raises $37 Million for Autonomous SOC Analyst appeared first on SecurityWeek.
29 July 2025
Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that's targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data.
The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus.
"This extensive campaign involved
29 July 2025
From prompt injection to emergent behavior, today’s curious AI models are quietly breaching trust boundaries.
The post From Ex Machina to Exfiltration: When AI Gets Too Curious appeared first on SecurityWeek.
29 July 2025
React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code, bypassing the very frameworks designed to keep applications secure.
Full 47-page guide with framework-specific defenses (PDF, free).
JavaScript conquered the web, but with
29 July 2025
Threat actors are exploiting a two-year-old vulnerability in PaperCut that allows them to execute arbitrary code remotely.
The post Organizations Warned of Exploited PaperCut Flaw appeared first on SecurityWeek.
29 July 2025
Fable Security has emerged from stealth mode with a solution designed to detect risky behaviors and educate employees.
The post Fable Security Raises $31 Million for Human Risk Management Platform appeared first on SecurityWeek.
29 July 2025
Aanchal Gupta has been named CSO at Adobe after holding cybersecurity leadership roles at Microsoft for more than five years.
The post Aanchal Gupta Joins Adobe as Chief Security Officer appeared first on SecurityWeek.
29 July 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCutNG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could
28 July 2025
Creating realistic deepfakes is easier than ever, causing security problems for governments, businesses and individuals and making trust the most valuable currency of the digital age.
The post Creating Realistic Deepfakes Is Getting Easier Than Ever. Fighting Back May Take Even More AI appeared first on SecurityWeek.
28 July 2025
Ukrainian and Belarusian hacker groups, which oppose the rule of Belarusian President Alexander Lukashenko, claimed responsibility for the cyberattack.
The post Cyberattack On Russian Airline Aeroflot Causes the Cancellation of More Than 100 Flights appeared first on SecurityWeek.
28 July 2025
In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry.
The packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in a report published last week. In addition, 73 repositories
28 July 2025
NASCAR says names, Social Security numbers, and other personal information was stolen in an April 2025 ransomware attack.
The post NASCAR Confirms Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
28 July 2025
Root Evidence is developing fully integrated vulnerability scanning and attack surface management technology.
The post Root Evidence Launches With $12.5 Million in Seed Funding appeared first on SecurityWeek.
28 July 2025
The financially motivated group is pivoting from Active Directory to VMware vSphere environments, deploying ransomware from the hypervisor.
The post Scattered Spider Targeting VMware vSphere Environments appeared first on SecurityWeek.
28 July 2025
Some risks don’t breach the perimeter—they arrive through signed software, clean resumes, or sanctioned vendors still hiding in plain sight.
This week, the clearest threats weren’t the loudest—they were the most legitimate-looking. In an environment where identity, trust, and tooling are all interlinked, the strongest attack path is often the one that looks like it belongs. Security teams are
28 July 2025
Allianz subsidiary said the information of customers, financial professionals and employees was compromised as a result of a hack.
The post Allianz Life Data Breach Impacts Most of 1.4 Million US Customers appeared first on SecurityWeek.
28 July 2025
Picture this: you’ve hardened every laptop in your fleet with real‑time telemetry, rapid isolation, and automated rollback. But the corporate mailbox—the front door for most attackers—is still guarded by what is effectively a 1990s-era filter.
This isn't a balanced approach. Email remains a primary vector for breaches, yet we often treat it as a static stream of messages instead of a dynamic,
28 July 2025
The emerging Chaos ransomware appears to be a rebranding of BlackSuit, which had its leak site seized by law enforcement.
The post BlackSuit Ransomware Group Transitioning to ‘Chaos’ Amid Leak Site Seizure appeared first on SecurityWeek.