Latest Cybersecurity News and Articles
05 May 2025
Most organizations are unprepared for the era of quantum computing.
05 May 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed.
The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions
05 May 2025
The proposed $491 million cut is being positioned as a “refocusing” of CISA on its core mission “while eliminating weaponization and waste.”
The post White House Proposal Slashes Half-Billion from CISA Budget appeared first on SecurityWeek.
05 May 2025
The new investment values Doppel at $205 million and provides runway to meet enterprise demand for AI-powered threat detection tools.
The post Doppel Banks $35M for AI-Based Digital Risk Protection appeared first on SecurityWeek.
05 May 2025
Kelly Benefits has determined that the impact of the recently disclosed data breach is much bigger than initially believed.
The post Kelly Benefits Data Breach Impact Grows to 400,000 Individuals appeared first on SecurityWeek.
05 May 2025
CISA has flagged a critical-severity Commvault vulnerability as exploited one week after technical details were released.
The post Critical Commvault Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
05 May 2025
A 25-year-old has admitted hacking Disney systems and leaking data under the guise of a hacktivist collective named NullBulge.
The post Man Admits Hacking Disney and Leaking Data Disguised as Hacktivist appeared first on SecurityWeek.
05 May 2025
What if attackers aren't breaking in—they're already inside, watching, and adapting?
This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the breach—it’s not knowing who’s still lurking in your
05 May 2025
The DragonForce ransomware group has claimed responsibility for the recent cyberattacks on UK retailers Co-op, Harrods, and M&S.
The post Ransomware Group Claims Attacks on UK Retailers appeared first on SecurityWeek.
05 May 2025
Let’s be honest: if you're one of the first (or the first) security hires at a small or midsize business, chances are you're also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You’re not running a security department. You are THE security department. You're getting pinged about RFPs in one area, and reviewing phishing alerts in another, all while sifting
05 May 2025
PoC code targeting two exploited SonicWall flaws was published just as CISA added them to the KEV catalog.
The post PoC Published for Exploited SonicWall Vulnerabilities appeared first on SecurityWeek.
05 May 2025
Thirty-one cybersecurity merger and acquisition (M&A) deals were announced in April 2025.
The post Cybersecurity M&A Roundup: 31 Deals Announced in April 2025 appeared first on SecurityWeek.
05 May 2025
An EU privacy watchdog fined TikTok $600 million after a four-year investigation found that data transfers to China put users at risk of spying, in breach of strict EU data privacy rules.
The post TikTok Fined $600 Million for China Data Transfers That Broke EU Privacy Rules appeared first on SecurityWeek.
05 May 2025
The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal.
"TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information," Recorded Future Insikt Group said. "TerraLogger, by contrast
05 May 2025
APTs focusing on the United States increased by 136%.
03 May 2025
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable.
The names of the packages are listed below -
github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy
"Despite appearing legitimate,
03 May 2025
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years.
The activity, which lasted from at least May 2023 to February 2025, entailed "extensive espionage operations and suspected network prepositioning – a tactic often used to maintain persistent access for future
03 May 2025
The U.S. Department of Justice (DoJ) on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States.
Rami Khaled Ahmed of Sana'a, Yemen, has been charged with one count of conspiracy, one count of intentional damage to a protected computer, and one
02 May 2025
Apple has issued threat notifications to select individuals who it believes may have been targeted by mercenary spyware attacks.
02 May 2025
The US government says defense contractor Raytheon and Nightwing agreed to pay $8.4 million to settle False Claims Act allegations.
The post Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures appeared first on SecurityWeek.