Latest Cybersecurity News and Articles
06 June 2025
An observed voice phishing campaign is impersonating IT support workers.
06 June 2025
Noteworthy stories that might have slipped under the radar: FBI issues an alert on BadBox 2 botnet, NSO disputing the $168 million WhatsApp fine, 1,000 people left CISA since Trump took office.
The post In Other News: FBI Warns of BadBox 2, NSO Disputes WhatsApp Fine, 1,000 Leave CISA appeared first on SecurityWeek.
06 June 2025
When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in
06 June 2025
India's Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens.
The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of
06 June 2025
The number of cybersecurity-related merger and acquisition (M&A) announcements surged in May 2025.
The post Cybersecurity M&A Roundup: 42 Deals Announced in May 2025 appeared first on SecurityWeek.
06 June 2025
Data security firm MIND has raised $30 million in Series A funding to expand its R&D and go-to-market teams.
The post MIND Raises $30 Million for Data Loss Prevention appeared first on SecurityWeek.
06 June 2025
Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset.
This is where AEV comes in.
AEV (Adversarial Exposure Validation) is an advanced
06 June 2025
A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine.
The post Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure appeared first on SecurityWeek.
06 June 2025
Cisco has released patches for a critical vulnerability impacting cloud deployments of Identity Services Engine (ISE).
The post Cisco Patches Critical ISE Vulnerability With Public PoC appeared first on SecurityWeek.
06 June 2025
An HPE StoreOnce vulnerability allows attackers to bypass authentication, potentially leading to remote code execution.
The post HPE Patches Critical Vulnerability in StoreOnce appeared first on SecurityWeek.
06 June 2025
A reward is being offered for Maxim Alexandrovich Rudometov, who is accused of developing and managing the RedLine malware.
The post US Offering $10 Million Reward for RedLine Malware Developer appeared first on SecurityWeek.
06 June 2025
A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos.
"The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across
06 June 2025
As cloud infrastructure increases in complexity, security teams are having difficulty keeping pace.
05 June 2025
Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America's largest Internet service providers (ISPs).
05 June 2025
Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.
The post Misconfigured HMIs Expose US Water Systems to Anyone with a Browser appeared first on SecurityWeek.
05 June 2025
Harrods, Marks & Spencer, Adidas and more — why are retailers facing this wave of cyberattacks in recent months?
05 June 2025
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.
"Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response
05 June 2025
The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the Indian government.
That's according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis.
"Their diverse toolset shows consistent coding patterns across malware families, particularly in
05 June 2025
A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters.
The post Backdoored Open Source Malware Repositories Target Novice Cybercriminals appeared first on SecurityWeek.
05 June 2025
Cellebrite and Corellium, whose names have been mentioned in spyware stories, are joining forces to provide advanced investigative solutions.
The post Controversial Firms Cellebrite and Corellium Announce $200 Million Acquisition Deal appeared first on SecurityWeek.