Latest Cybersecurity News and Articles


Industry Moves for the week of February 10, 2025 - SecurityWeek

10 February 2025
Explore industry moves and significant changes in the industry for the week of February 10, 2025. Stay updated with the latest industry trends and shifts.

Lawmakers propose DeepSeek ban on government devices

10 February 2025
A bipartisan congressional bill has been proposed, which would prohibit the use of DeepSeek on government devices.

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

10 February 2025
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

08 February 2025
Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "

Teen on Musk’s DOGE Team Graduated from ‘The Com’

07 February 2025
Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration.

ThreatMate Raises $3.2 Million for Attack Surface Management Platform

07 February 2025
ThreatMate has raised $3.2 million in seed funding for its AI-powered attack surface management solution for MSPs. The post ThreatMate Raises $3.2 Million for Attack Surface Management Platform appeared first on SecurityWeek.

59% insurance sector breaches caused by third parties

07 February 2025
A review of breach histories of the top 150 insurance companies worldwide reveals 59% included third-party attack vectors.

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

07 February 2025
A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and

Deepseek-impersonating malware is stealing data, research finds

07 February 2025
The emergence of DeepSeek has led to malicious actors attempting to exploit its prominence.

In Other News: Cybersecurity Salaries, NanoLock Collapse, NSO Transparency Report

07 February 2025
Noteworthy stories that might have slipped under the radar: NanoLock Security ceases operations, NSO publishes transparency report, cybersecurity salaries data.   The post In Other News: Cybersecurity Salaries, NanoLock Collapse, NSO Transparency Report appeared first on SecurityWeek.

Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System

07 February 2025
Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack. The post Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System appeared first on SecurityWeek.

CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE

07 February 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could

UK Engineering Giant IMI Hit by Cyberattack

07 February 2025
UK engineering firm IMI says it suffered a cyberattack that resulted in unauthorized access to some of its systems. The post UK Engineering Giant IMI Hit by Cyberattack appeared first on SecurityWeek.

430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations

07 February 2025
University Diagnostic Medical Imaging and Allegheny Health Network have disclosed data breaches impacting approximately 430,000 patients. The post 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations appeared first on SecurityWeek.

Ransomware Payments Dropped to $813 Million in 2024

07 February 2025
An analysis by Chainalysis shows that ransomware payments dropped to $813 million in 2024, from $1.25 billion in 2023.  The post Ransomware Payments Dropped to $813 Million in 2024 appeared first on SecurityWeek.

AI-Powered Social Engineering: Reinvented Threats

07 February 2025
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.  This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks:

Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection

07 February 2025
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET

India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud

07 February 2025
India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a

Trimble Cityworks Customers Warned of Zero-Day Exploitation

07 February 2025
Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware. The post Trimble Cityworks Customers Warned of Zero-Day Exploitation appeared first on SecurityWeek.

Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware

07 February 2025
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a