Latest Cybersecurity News and Articles
24 July 2025
HeroDevs has received a $125 million strategic growth investment from PSG to secure enterprise security stacks.
The post HeroDevs Raises $125 Million to Secure Deprecated OSS appeared first on SecurityWeek.
24 July 2025
The proposed cyber regulations include the implementation of incident reporting, response plans, and cybersecurity controls, training, and certification of compliance.
The post New York Seeking Public Opinion on Water Systems Cyber Regulations appeared first on SecurityWeek.
24 July 2025
Risk management and compliance solutions provider Vanta has raised more than $500 million since 2021.
The post GRC Firm Vanta Raises $150 Million at $4.15 Billion Valuation appeared first on SecurityWeek.
24 July 2025
Clorox is blaming Congnizat for the 2023 cyberattack, claiming that the IT provided handed over passwords to the hackers.
The post Clorox Sues Cognizant for $380 Million Over 2023 Hack appeared first on SecurityWeek.
24 July 2025
Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone!
Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud,
24 July 2025
Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign.
The post High-Value NPM Developers Compromised in New Phishing Campaign appeared first on SecurityWeek.
24 July 2025
You wouldn’t run your blue team once a year, so why accept this substandard schedule for your offensive side?
Your cybersecurity teams are under intense pressure to be proactive and to find your network’s weaknesses before adversaries do. But in many organizations, offensive security is still treated as a one-time event: an annual pentest, a quarterly red team engagement, maybe an audit sprint
24 July 2025
The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama's 90th birthday on July 6, 2025.
The multi-stage attacks have been codenamed Operation GhostChat and Operation PhantomPrayers by Zscaler ThreatLabz.
"The attackers compromised a legitimate website, redirecting users via a malicious link and
24 July 2025
Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems.
The tech giant, in an update shared Wednesday, said the findings are based on an "expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603."
The threat actor attributed to the financially
24 July 2025
SonicWall advises organizations to patch SMA 100 appliances and look for IoCs associated with Overstep malware attacks.
The post SonicWall Patches Critical SMA 100 Vulnerability, Warns of Recent Malware Attack appeared first on SecurityWeek.
24 July 2025
President Donald Trump has unveiled a sweeping new plan for America’s “global dominance” in artificial intelligence.
The post From Tech Podcasts to Policy: Trump’s New AI Plan Leans Heavily on Silicon Valley Industry Ideas appeared first on SecurityWeek.
24 July 2025
More information has emerged on the ToolShell SharePoint zero-day attacks, including impact, victims, and threat actors.
The post ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named appeared first on SecurityWeek.
24 July 2025
Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a notorious Russian-speaking cybercrime platform.
The arrest, which took place in Kyiv, Ukraine, on July 222, 2025, was led by the French Police and Paris Prosecutor, in collaboration with Ukrainian authorities and Europol. The action is the result of an investigation that was launched by the
24 July 2025
Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions.
Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the "wp-content/mu-plugins"
23 July 2025
The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances.
The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to deploy cryptocurrency miners.
"Although
23 July 2025
AI voice clones can impersonate people in a way that Altman said is increasingly “indistinguishable from reality” and will require new methods for verification.
The post OpenAI’s Sam Altman Warns of AI Voice Fraud Crisis in Banking appeared first on SecurityWeek.
23 July 2025
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information.
"The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes' web addresses and cryptocurrency exchanges," Akamai security researcher Tomer
23 July 2025
Experts unpack the risks of trusting agentic AI, arguing that fallibility, hype, and a lack of transparency demand caution—before automation outpaces our understanding.
The post Should We Trust AI? Three Approaches to AI Fallibility appeared first on SecurityWeek.
23 July 2025
French authorities announced that an alleged admin of XSS.is, one of the longest-running cybercrime forums, has been arrested in Ukraine.
The post France Says Administrator of Cybercrime Forum XSS Arrested in Ukraine appeared first on SecurityWeek.
23 July 2025
Critics warn that a ban on ransomware payments may lead to dangerous unintended consequences, including forcing victims into secrecy or incentivizing attackers to shift tactics.
The post UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? appeared first on SecurityWeek.