Latest Cybersecurity News and Articles

---

Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion. "PROMPTFLUX is written in VBScript and interacts with Gemini's API to request specific VBScript obfuscation and

---

Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns

Google has released a report describing the novel ways in which malware has been using AI to adapt and evade detection. The post Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns appeared first on SecurityWeek.

---

Webinar Today: Scattered Spider Exposed – Critical Takeaways for Cyber Defenders

Get practical strategies to help minimize your risk exposure, including the need for identity threat detection and mitigation. The post Webinar Today: Scattered Spider Exposed – Critical Takeaways for Cyber Defenders appeared first on SecurityWeek.

---

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence (AI) chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge. The seven vulnerabilities and attack techniques, according to Tenable, were found in OpenAI's GPT-4o and GPT-5 models. OpenAI has

---

Royal Bank Of Canada’s CISO On The ‘Cyber Poverty Line’: Plan For The Worst

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 5, 2025 – Read the full story from Royal Bank of Canada According to Cybersecurity Ventures, cybercrime damage costs are predicted to exceed $10 trillion USD in 2025, making it the world’s The post Royal Bank Of Canada’s CISO On The ‘Cyber Poverty Line’: Plan For The Worst appeared first on Cybercrime Magazine.

---

Flare Raises $30 Million for Threat Exposure Management Platform

The company plans to advance its identity exposure management capabilities and pursue M&A opportunities. The post Flare Raises $30 Million for Threat Exposure Management Platform appeared first on SecurityWeek.

---

Armis Raises $435 Million in Pre-IPO Funding Round at $6.1 Billion Valuation

Armis recently surpassed $300 million in annual recurring revenue as it prepares for an IPO. The post Armis Raises $435 Million in Pre-IPO Funding Round at $6.1 Billion Valuation appeared first on SecurityWeek.

---

Malanta Emerges from Stealth with $10 Million Seed Funding

Malanta collects and analyzes digital breadcrumbs that attackers leave behind and then forecasts how and when they will be weaponized. The post Malanta Emerges from Stealth with $10 Million Seed Funding appeared first on SecurityWeek.

---

ConductorOne Raises $79 Million in Series B Funding

Leveraging AI, ConductorOne’s platform secures and manages millions of human, non-human, and AI identities. The post ConductorOne Raises $79 Million in Series B Funding appeared first on SecurityWeek.

---

Securing the Open Android Ecosystem with Samsung Knox

Raise your hand if you’ve heard the myth, “Android isn’t secure.” Android phones, such as the Samsung Galaxy, unlock new ways of working. But, as an IT admin, you may worry about the security—after all, work data is critical. However, outdated concerns can hold your business back from unlocking its full potential. The truth is, with work happening everywhere, every device connected to your

---

Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover 

The critical vulnerability allows attackers to read arbitrary emails, including password reset messages. The post Exploited ‘Post SMTP’ Plugin Flaw Exposes WordPress Sites to Takeover  appeared first on SecurityWeek.

---

Daylight Raises $33 Million for AI-Powered MDR Platform

The funding will fuel the development of Daylight’s security operations platform and the launch of new protection modules. The post Daylight Raises $33 Million for AI-Powered MDR Platform appeared first on SecurityWeek.

---

Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack

The Japanese media giant says compromised Slack credentials were used to steal employee and business partner information. The post Nikkei Says 17,000 Impacted by Data Breach Stemming From Slack Account Hack appeared first on SecurityWeek.

---

Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the

---

Portal26 Raises $9 Million for Gen-AI Adoption Platform

The gen-AI adoption management platform will invest the funds in accelerating growth and product innovations. The post Portal26 Raises $9 Million for Gen-AI Adoption Platform appeared first on SecurityWeek.

---

U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud

The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program," said Under Secretary of

---

Why SOC Burnout Can Be Avoided: Practical Steps

Behind every alert is an analyst; tired eyes scanning dashboards, long nights spent on false positives, and the constant fear of missing something big. It’s no surprise that many SOCs face burnout before they face their next breach. But this doesn’t have to be the norm. The path out isn’t through working harder, but through working smarter, together. Here are three practical steps every SOC can

---

US Sanctions North Korean Bankers Accused of Laundering Stolen Cryptocurrency

The United States on Tuesday imposed sanctions on a group of bankers, financial institutions and others accused of laundering money from cyber crime schemes — money the Treasury Department says helps pay for North Korea’s nuclear weapons program. Over the past three years, North Korean malware and social engineering schemes have diverted more than $3 […] The post US Sanctions North Korean Bankers Accused of Laundering Stolen Cryptocurrency appeared first on SecurityWeek.

---

CISA Warns of CWP Vulnerability Exploited in the Wild

A critical vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703, allows remote, unauthenticated command execution. The post CISA Warns of CWP Vulnerability Exploited in the Wild appeared first on SecurityWeek.

---

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to