Latest Cybersecurity News and Articles
20 June 2025
Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords.
The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek.
20 June 2025
WhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit.
The post FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks appeared first on SecurityWeek.
20 June 2025
Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation.
When retail giant Marks & Spencer experienced a security event over Easter weekend, they were forced to shut down their online operations, which account for
20 June 2025
Cloudflare on Thursday said it autonomously blocked the largest ever distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps).
The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider.
"Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks," Cloudflare's Omer
20 June 2025
A threat actor is abusing Cloudflare Tunnels for the delivery of a Python loader as part of a complex infection chain.
The post Cloudflare Tunnels Abused in New Malware Campaign appeared first on SecurityWeek.
20 June 2025
Krispy Kreme is sharing more information on the data breach resulting from the ransomware attack targeting the company in 2024.
The post 161,000 People Impacted by Krispy Kreme Data Breach appeared first on SecurityWeek.
20 June 2025
Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead.
The activity, codenamed Banana Squad by ReversingLabs, is assessed to be a continuation of a rogue Python campaign that was identified in 2023 as targeting the Python Package
20 June 2025
Personal data of former and current council workers, including election staff, may have been accessed by hackers.
The post Hackers Access Legacy Systems in Oxford City Council Cyberattack appeared first on SecurityWeek.
19 June 2025
Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.
"Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns," PRODAFT said in a report
19 June 2025
Israel-linked Predatory Sparrow hackers torched more than $90 million at Iran’s largest cryptobank as Israel-Iran cyberwar escalates.
The post Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War appeared first on SecurityWeek.
19 June 2025
Scania, a transport solution organization, has confirmed it faced a cybersecurity incident.
19 June 2025
Scattered Spider, who is believed to be responsible for several cyberattacks against the retail sector in recent months, has apparently shifted targets to the insurance sector.
19 June 2025
Trend Micro and ReversingLabs uncovered over 100 GitHub accounts distributing malware embedded in open source hacking tools.
The post New Campaigns Distribute Malware via Open Source Hacking Tools appeared first on SecurityWeek.
19 June 2025
The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.
Huntress, which revealed details of the cyber intrusion, said the attack targeted an unnamed cryptocurrency foundation employee, who received a
19 June 2025
DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect test performance.
A detailed analysis of secure vibe coding practices is available here.
TL;DR: Secure
19 June 2025
A ransomware group has claimed the theft of millions of files from procurement service provider Chain IQ and 19 other companies.
The post Chain IQ, UBS Data Stolen in Ransomware Attack appeared first on SecurityWeek.
19 June 2025
After decades of failed attempts to access encrypted communications, governments are shifting from persuasion to coercion—security experts say the risks are too high.
The post Encryption Backdoors: The Security Practitioners’ View appeared first on SecurityWeek.
19 June 2025
Krispy Kreme is sending notifications to thousands of people impacted by the data breach that came to light at the end of 2024.
The post Krispy Kreme Confirms Data Breach After Ransomware Attack appeared first on SecurityWeek.
19 June 2025
Most cyberattacks today don’t start with loud alarms or broken firewalls. They start quietly—inside tools and websites your business already trusts.
It’s called “Living Off Trusted Sites” (LOTS)—and it’s the new favorite strategy of modern attackers. Instead of breaking in, they blend in.
Hackers are using well-known platforms like Google, Microsoft, Dropbox, and Slack as launchpads. They hide
19 June 2025
In a rapidly changing AI environment, CISOs are worried about investing in the wrong solution or simply not investing because they can’t decide what the best option is.
The post Choosing a Clear Direction in the Face of Growing Cybersecurity Demands appeared first on SecurityWeek.