Latest Cybersecurity News and Articles
18 July 2025
Cyber threat group APT 28 has been responsible for deploying a sophisticated malware against user email accounts as part of its operations.
18 July 2025
Radiology Associates of Richmond has disclosed a data breach impacting protected health and personal information.
The post 1.4 Million Affected by Data Breach at Virginia Radiology Practice appeared first on SecurityWeek.
18 July 2025
Google on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure.
"The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open Source Project), which lacks Google's security protections,"
18 July 2025
With generative AI enabling fraud-as-a-service at scale, legacy defenses are crumbling. The next wave of cybercrime is faster, smarter, and terrifyingly synthetic.
The post Fraud: A Growth Industry Powered by Gen-AI appeared first on SecurityWeek.
18 July 2025
Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services.
The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz.
"NVIDIA Container Toolkit for all platforms contains a
18 July 2025
With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even inexperienced threat actors with
18 July 2025
The CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied.
The post CitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still Vulnerable appeared first on SecurityWeek.
18 July 2025
Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices.
The post Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet appeared first on SecurityWeek.
18 July 2025
Wiz researchers discovered NVIDIAScape, an Nvidia Container Toolkit flaw that can be exploited for full control of the host machine.
The post Critical Nvidia Toolkit Flaw Exposes AI Cloud Services to Hacking appeared first on SecurityWeek.
18 July 2025
Anne Arundel Dermatology said hackers had access to its systems for three months and may have stolen personal and health information.
The post Anne Arundel Dermatology Data Breach Impacts 1.9 Million People appeared first on SecurityWeek.
18 July 2025
A settlement has been reached in the class action brought by investors against Meta over the Cambridge Analytica incident, but details have not been shared.
The post Settlement Reached in Investors’ Lawsuit Against Meta CEO Mark Zuckerberg and Other Company Leaders appeared first on SecurityWeek.
17 July 2025
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story.
17 July 2025
Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025.
"The MaaS [malware-as-a-service] operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use," Cisco Talos researchers Chris Neal and Craig Jackson
17 July 2025
Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys.
The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution.
"The attacker leverages
17 July 2025
A report reveals that while 83% of U.S. business leaders are fast-tracking AI and automation initiatives in response to trade uncertainty, 69% remain stuck in tactical reactions or have frozen strategic investments.
17 July 2025
Cybersecurity startup Empirical Security has raised $12 million in seed funding for its vulnerability management platform.
The post Empirical Security Raises $12 Million for AI-Driven Vulnerability Management appeared first on SecurityWeek.
17 July 2025
Karen Serobovich Vardanyan pleaded not guilty to charges related to his alleged role in the Ryuk ransomware operation.
The post Armenian Man Extradited to US Over Ryuk Ransomware Attacks appeared first on SecurityWeek.
17 July 2025
Hacktivists are increasingly targeting critical infrastructure.
17 July 2025
Deployed on mobile devices confiscated by Chinese law enforcement, Massistant can collect user information, files, and location.
The post Mobile Forensics Tool Used by Chinese Law Enforcement Dissected appeared first on SecurityWeek.
17 July 2025
An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to a string of distributed denial-of-service (DDoS) attacks against Ukraine and its allies.
The actions have led to the dismantling of a major part of the group's central server infrastructure and more than 100 systems across the world.