Latest Cybersecurity News and Articles
03 June 2025
In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alone.
This coverage is extremely valuable for the cybersecurity community as it raises
03 June 2025
Covered organizations in Australia are now required to report ransomware and other cyber extortion payments within three days.
The post Australia Enforces Ransomware Payment Reporting appeared first on SecurityWeek.
03 June 2025
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America.
The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list.
"Recent
03 June 2025
Reported by the Google Threat Analysis Group, the vulnerability might have been exploited by commercial spyware.
The post Google Researchers Find New Chrome Zero-Day appeared first on SecurityWeek.
03 June 2025
Microsoft and CrowdStrike are running a project that aims to align threat actor names, and Google and Palo Alto Networks will also contribute.
The post Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names appeared first on SecurityWeek.
03 June 2025
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year."
The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137.
The update will affect all Transport Layer Security (TLS)
03 June 2025
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.
"By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft
03 June 2025
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.
The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
"Out-of-bounds read and write in V8 in Google
02 June 2025
Luxury brand Cartier disclosed a data breach in which an unauthorized party gained access to its systems and obtained some client information.
The post Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed appeared first on SecurityWeek.
02 June 2025
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies.
Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and
02 June 2025
AI emerges as the top concern for security leaders, surpassing concerns of ransomware.
02 June 2025
Cryptocurrency mining operation hits exposed Consul dashboards, Docker Engine APIs and Gitea code-hosting instances to push Monero miner.
The post Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure appeared first on SecurityWeek.
02 June 2025
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application.
A brief description of the three flaws is as follows -
CVE-2024-13915 (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone and
02 June 2025
Chipmaker says there are indications from Google Threat Analysis Group that a trio of flaws “may be under limited, targeted exploitation.”
The post Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently appeared first on SecurityWeek.
02 June 2025
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below -
CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) - Two incorrect authorization vulnerabilities in the Graphics
02 June 2025
Exploitation of the vBulletin vulnerability tracked as CVE-2025-48827 and CVE-2025-48828 started shortly after disclosure.
The post vBulletin Vulnerability Exploited in the Wild appeared first on SecurityWeek.
02 June 2025
Victoria’s Secret took down its United States website after a security incident.
02 June 2025
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill—it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late.
This is how attacks happen now—quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore—they’re struggling to trust what their systems are telling them.
The problem isn’t too
02 June 2025
Patterns of concerning behavior led Google to remove trust in certificates from Chunghwa Telecom and Netlock from Chrome.
The post Chrome to Distrust Chunghwa Telecom and Netlock Certificates appeared first on SecurityWeek.
02 June 2025
The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it can