Latest Cybersecurity News and Articles
19 June 2025
Cisco has resolved a high-severity vulnerability in Meraki MX and Meraki Z devices. Atlassian pushed patches for multiple third-party dependencies.
The post High-Severity Vulnerabilities Patched by Cisco, Atlassian appeared first on SecurityWeek.
19 June 2025
Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims' emails.
Details of the highly targeted campaign were disclosed by Google Threat Intelligence Group (GTIG) and the Citizen Lab, stating the activity
19 June 2025
A hacker is selling allegedly valuable data stolen from Scania, but the truck maker believes impact is very limited.
The post Swedish Truck Giant Scania Investigating Hack appeared first on SecurityWeek.
19 June 2025
Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook.
"Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post.
Support for passkeys is expected to be available "soon" on Android and iOS mobile devices. The feature is
18 June 2025
Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions.
The vulnerabilities, discovered by Qualys, are listed below -
CVE-2025-6018 - LPE from unprivileged to allow_active in SUSE 15's Pluggable Authentication Modules (PAM)
CVE-2025-6019 - LPE from allow_active to root in
18 June 2025
Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords.
The post Russian Hackers Bypass Gmail MFA with App Specific Password Ruse appeared first on SecurityWeek.
18 June 2025
Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects.
The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek.
18 June 2025
A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails.
The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix.
It leverages "the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated
18 June 2025
A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called Stargazers Ghost Network.
"The campaigns resulted in a multi-stage attack chain targeting Minecraft users specifically," Check Point researchers Jaromír Hořejší and Antonis Terefos said in a report shared with The Hacker News.
"The malware was
18 June 2025
Citrix has released patches for critical- and high-severity vulnerabilities in NetScaler and Secure Access Client and Workspace for Windows.
The post Critical Vulnerability Patched in Citrix NetScaler appeared first on SecurityWeek.
18 June 2025
Qualys has disclosed two Linux vulnerabilities that can be chained for full root access, and CISA added a flaw to its KEV catalog.
The post Linux Security: New Flaws Allow Root Access, CISA Warns of Old Bug Exploitation appeared first on SecurityWeek.
18 June 2025
Researchers have discovered that the Python Package Index (PyPI) has a malicious package in its repository.
18 June 2025
For organizations eyeing the federal market, FedRAMP can feel like a gated fortress. With strict compliance requirements and a notoriously long runway, many companies assume the path to authorization is reserved for the well-resourced enterprise. But that’s changing.
In this post, we break down how fast-moving startups can realistically achieve FedRAMP Moderate authorization without derailing
18 June 2025
Adopting a layered defense strategy that includes human-centric tools and updating security components.
The post Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security appeared first on SecurityWeek.
18 June 2025
OpenAI has been awarded a $200 million contract for AI capabilities to help the Defense Department address national security challenges.
The post OpenAI to Help DoD With Cyber Defense Under New $200 Million Contract appeared first on SecurityWeek.
18 June 2025
Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware.
"The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems," Trend Micro researchers Jovit Samaniego, Aira Marcelo, Mohamed
18 June 2025
Google has released a Chrome 137 update to resolve two memory bugs in the browser’s V8 and Profiler components.
The post Chrome 137 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
18 June 2025
Veeam and BeyondTrust have resolved several vulnerabilities that could be exploited for remote code execution.
The post Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products appeared first on SecurityWeek.
18 June 2025
Hackers have stolen personal and health information belonging to the customers of healthcare organizations served by Episource.
The post Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People appeared first on SecurityWeek.
18 June 2025
A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover up the malicious activity.
Asif William Rahman, 34, of Vienna, has been sentenced today to 37 months on charges of