Latest Cybersecurity News and Articles
09 October 2025
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites.
The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings, a WordPress plugin bundled with the
08 October 2025
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites.
"Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week.
The website security company
08 October 2025
From defending AI agents to teaching robots to move safely, finalists at this year’s DataTribe Challenge are charting the next frontier in cybersecurity innovation.
The post AI Takes Center Stage at DataTribe’s Cyber Innovation Day appeared first on SecurityWeek.
08 October 2025
How security posture management for AI can protect against model poisoning, excessive agency, jailbreaking and other LLM risks.
The post Will AI-SPM Become the Standard Security Layer for Safe AI Adoption? appeared first on SecurityWeek.
08 October 2025
In this episode of Lock It Down with Security Magazine, Associate Editor Taelor Sutherland speaks with Chetrice Romero, a senior cybersecurity advisor at Ice Miller.
08 October 2025
Join the virtual event we dive into the world of digital identity management and the role of zero-trust principles and associated technologies.
The post Virtual Event Today: Zero Trust & Identity Strategies Summit appeared first on SecurityWeek.
08 October 2025
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets.
The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka log injection) to plant a web shell on a web
08 October 2025
The new product is called CodeMender and it can rewrite vulnerable code to prevent future exploits.
The post Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities appeared first on SecurityWeek.
08 October 2025
The company has updated the program’s scope and has combined the rewards for abuse and security issues into a single table.
The post Google Offers Up to $20,000 in New AI Bug Bounty Program appeared first on SecurityWeek.
08 October 2025
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape.
The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker News.
"Announced shortly
08 October 2025
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped.
Attackers don’t need advanced tools; they just need one careless login.
For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak.
This Halloween, The Hacker News and Specops Software invite you to a live webinar: “
08 October 2025
The hackers are believed to have stolen over $6 billion for the Pyongyang regime, financing its military programs.
The post North Korean Hackers Have Stolen $2 Billion in Cryptocurrency in 2025 appeared first on SecurityWeek.
08 October 2025
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution.
The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
08 October 2025
Radiflow360 provides enhanced visibility, risk management, and incident response capabilities for mid-sized industrial enterprises.
The post Radiflow Unveils New OT Security Platform appeared first on SecurityWeek.
08 October 2025
The hackers claim the theft of 27 gigabytes of data, including contracts, employee information, and financial documents.
The post Ransomware Group Claims Attack on Beer Giant Asahi appeared first on SecurityWeek.
08 October 2025
Hackers accessed user accounts and compromised names, addresses, phone numbers, email addresses, and other information.
The post DraftKings Warns Users of Credential Stuffing Attacks appeared first on SecurityWeek.
08 October 2025
Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks.
The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek.
08 October 2025
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development.
This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The operator also used several ChatGPT accounts to
08 October 2025
Most organizations today aren’t short on alerts. The real problem is what comes next.
07 October 2025
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.