Latest Cybersecurity News and Articles
30 October 2025
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs.
AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in C++ QT for
30 October 2025
Spektrum Labs has raised $10 million in seed funding for its cyber resilience platform.
The post Spektrum Labs Emerges From Stealth to Help Companies Prove Resilience appeared first on SecurityWeek.
30 October 2025
A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds.
Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash.
"It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations are managed," Pino said in a
30 October 2025
The company will expand its product offering, establish global headquarters in Boston, and fuel growth and go-to-market efforts.
The post Reflectiz Raises $22 Million for Website Security Solution appeared first on SecurityWeek.
30 October 2025
The hackers stole names, addresses, dates of birth, Social Security numbers, and health and insurance information.
The post Millions Impacted by Conduent Data Breach appeared first on SecurityWeek.
30 October 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 30, 2025 – Read the full story in Forbes Cybersecurity Ventures predicts that the world will store 200 zettabytes of data in 2025. Half of enterprise data will be produced and processed at
The post The Edge Is A Hacker’s Delight, A Dream Come True For Cybercriminals appeared first on Cybercrime Magazine.
30 October 2025
Ribbon Communications provides technology for communications networks and its customers include the US government and major telecom firms.
The post Major US Telecom Backbone Firm Hacked by Nation-State Actors appeared first on SecurityWeek.
30 October 2025
Security doesn’t fail at the point of breach. It fails at the point of impact.
That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof.
When a new exploit drops, scanners scour the internet in minutes. Once attackers gain a foothold,
30 October 2025
The Canadian Centre for Cyber Security has warned CISOs that hacktivists are increasingly targeting internet-exposed ICS.
The post Canada Says Hackers Tampered With ICS at Water Facility, Oil and Gas Firm appeared first on SecurityWeek.
30 October 2025
The packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information.
The post 136 NPM Packages Delivering Infostealers Downloaded 100,000 Times appeared first on SecurityWeek.
30 October 2025
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering.
This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s
30 October 2025
Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines.
The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first
30 October 2025
Peter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker.
The post Former US Defense Contractor Executive Admits to Selling Exploits to Russia appeared first on SecurityWeek.
29 October 2025
Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi.
"These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report
29 October 2025
Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks.
In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT and Perplexity. The technique has been
29 October 2025
MITRE has unveiled the latest version of ATT&CK, with the most significant changes in the defensive part of the framework.
The post MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS appeared first on SecurityWeek.
29 October 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 29, 2025 – Watch the YouTube video The Women in Cybersecurity Report, a 2-minute video hosted by Cybercrime Magazine Deputy Editor Amanda Glassner, highlights the latest breakthroughs, voices, and stories from women leading
The post Women In Cybersecurity Report, Fall 2025 appeared first on Cybercrime Magazine.
29 October 2025
Polygraf AI has developed proprietary small language model (SLM) technology designed to help organizations mitigate AI risks.
The post AI Security Firm Polygraf Raises $9.5 Million in Seed Funding appeared first on SecurityWeek.
29 October 2025
BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge.
Introduction
The next major breach won’t be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it’s the “ghost” identity from a 2015 breach lurking in your IAM, the privilege sprawl from thousands of new
29 October 2025
Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks.
The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government entity in the country for a week.
The attacks