Latest Cybersecurity News and Articles

---

AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar

AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention. Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background. And here’s

---

Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior

Hirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data. The post Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior appeared first on SecurityWeek.

---

Security Leaders Discuss the Whole Foods Distributor Cyberattack

Security leaders discuss the Whole Foods distributor cyberattack, with insights on attacker motivations as well as risk mitigation strategies.  

---

New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches

The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data. The post New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek.

---

European journalists targeted with Paragon Solutions spyware, say researchers

Citizen Lab says it found ‘digital fingerprints’ of military-grade spyware that Italy has admitted using against activistsThe hacking mystery roiling the Italian prime minister Giorgia Meloni’s rightwing government is deepening after researchers said they had found new evidence that two more journalists were targeted using the same military-grade spyware that Italy has admitted to using against activists.A parliamentary committee overseeing intelligence confirmed earlier this month that Italy had used mercenary spyware made by Israel-based Paragon Solutions against two Italian activists. Continue reading...

---

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been already

---

‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot. The post ‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot appeared first on SecurityWeek.

---

Non-Human Identities: How to Address the Expanding Security Risk

Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap. Enterprises are Losing Track of Their Machine Identities Machine identities–service

---

The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce

It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy. The post The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce appeared first on SecurityWeek.

---

Surge in Cyberattacks Targeting Journalists: Cloudflare

Between May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo. The post Surge in Cyberattacks Targeting Journalists: Cloudflare appeared first on SecurityWeek.

---

Palo Alto Networks Patches Privilege Escalation Vulnerabilities

Palo Alto Networks has released patches for seven vulnerabilities and incorporated the latest Chrome fixes in its products. The post Palo Alto Networks Patches Privilege Escalation Vulnerabilities appeared first on SecurityWeek.

---

Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified

Interpol has announced a crackdown on infostealer malware in Asia as part of an effort called Operation Secure. The post Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified appeared first on SecurityWeek.

---

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns. The company said it's doing so "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.

---

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts. The activity, codenamed UNK_SneakyStrike by Proofpoint, has affected over 80,000 targeted user accounts across hundreds of organizations' cloud tenants since a

---

With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty

Beyond potentially halting sales of physical goods, breaches can expose customers’ personal data to future phishing or fraud attempts. The post With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty appeared first on SecurityWeek.

---

Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. "Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads," ReliaQuest said in a report

---

Securonix Acquires Threat Intelligence Firm ThreatQuotient

Cybersecurity heavyweight Securonix acquires ThreatQuotient to boost plans to build an all-in-one security operations stack. The post Securonix Acquires Threat Intelligence Firm ThreatQuotient appeared first on SecurityWeek.

---

Maze Banks $25M to Tackle Cloud Security with AI Agents

Maze and its investors are betting on finding profits in software that uses AI-powered agents to automate critical parts of the process. The post Maze Banks $25M to Tackle Cloud Security with AI Agents appeared first on SecurityWeek.

---

Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices

Vulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot. The post Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices appeared first on SecurityWeek.

---

295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager

Threat intelligence firm GreyNoise has warned of a "coordinated brute-force activity" targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to "identify and access exposed Tomcat services at scale." To that end, 295 unique IP addresses have been found to be engaged