Latest Cybersecurity News and Articles


Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

30 September 2025
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. "Phantom Taurus' main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations," Palo Alto Networks Unit 42

Call for Presentations Open for 2025 CISO Forum Virtual Summit

30 September 2025
This online event is expected to attract more than 2,500 attendee registrations from around the world. The post Call for Presentations Open for 2025 CISO Forum Virtual Summit appeared first on SecurityWeek.

Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results

30 September 2025
Researchers found more methods for tricking an AI assistant into aiding sensitive data theft. The post Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results appeared first on SecurityWeek.

Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits

30 September 2025
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. "They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud

Microsoft Expands Sentinel Into Agentic Security Platform With Unified Data Lake

30 September 2025
Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake. In addition, the tech giant said it's also releasing a public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server. "With graph-based context, semantic access, and agentic

Mondoo Raises $17.5 Million for Vulnerability Management Platform

30 September 2025
Mondoo has raised more than $32 million in total, with the latest funding round led by HV Capital. The post Mondoo Raises $17.5 Million for Vulnerability Management Platform appeared first on SecurityWeek.

CISO Conversations: John ‘Four’ Flynn, VP of Security at Google DeepMind

30 September 2025
Flynn has been DeepMind’s VP of security since May 2024. Before then he had been a CISO with Amazon, CISO at Uber, and director of information security at Facebook. The post CISO Conversations: John ‘Four’ Flynn, VP of Security at Google DeepMind appeared first on SecurityWeek.

New Guidance Calls on OT Operators to Create Continually Updated System Inventory

30 September 2025
Agencies in several countries have created guidance titled ‘Creating and Maintaining a Definitive View of Your OT Architecture’. The post New Guidance Calls on OT Operators to Create Continually Updated System Inventory appeared first on SecurityWeek.

California Gov. Gavin Newsom Signs Bill Creating AI Safety Measures

30 September 2025
The Transparency in Frontier Artificial Intelligence Act (TFAIA) requires AI companies to implement and disclose publicly safety protocols to prevent their most advanced models from being used to cause major harm. The post California Gov. Gavin Newsom Signs Bill Creating AI Safety Measures appeared first on SecurityWeek.

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter

30 September 2025
The flaws could allow attackers to escalate privileges, manipulate notifications, and enumerate usernames. The post High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter appeared first on SecurityWeek.

Stop Alert Chaos: Context Is the Key to Effective Incident Response

30 September 2025
The Problem: Legacy SOCs and Endless Alert Noise. Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies. The problem is not just volume; it is the model itself. Traditional SOCs start with rules, wait for alerts to fire,

Webinar Today: AI and the Trust Dilemma: Balancing Innovation and Risk

30 September 2025
Webinar: How do you embrace AI’s potential while defending against its threats? The post Webinar Today: AI and the Trust Dilemma: Balancing Innovation and Risk appeared first on SecurityWeek.

Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

30 September 2025
A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privilege escalation bug affecting the following versions - VMware Cloud Foundation 4.x and 5.x VMware

Apple Updates iOS and macOS to Prevent Malicious Font Attacks

30 September 2025
The vulnerability could lead to a denial-of-service condition or memory corruption when a malicious font is processed. The post Apple Updates iOS and macOS to Prevent Malicious Font Attacks appeared first on SecurityWeek.

Cyberattack on Beer Giant Asahi Disrupts Production

30 September 2025
The incident has resulted in a system failure that impacted orders and shipments in Japan, and call center operations. The post Cyberattack on Beer Giant Asahi Disrupts Production appeared first on SecurityWeek.

New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events

30 September 2025
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly. Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting "active senior

Organizations Warned of Exploited Sudo Vulnerability

30 September 2025
The vulnerability could allow local, low-privileged attackers to execute commands with root privileges, leading to full system compromise. The post Organizations Warned of Exploited Sudo Vulnerability appeared first on SecurityWeek.

Evolving Enterprise Defense to Secure the Modern AI Supply Chain

30 September 2025
The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and development to finance and HR. This transformation unlocks innovation and efficiency, but it also

U.K. Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto Bust

30 September 2025
A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated £5.5 billion (about $7.39 billion) during a raid of her home in London. The cryptocurrency seizure, amounting to 61,000 Bitcoin, is believed to be the single largest such effort in the world, the Metropolitan Police said. Zhimin Qian (aka Yadi Zhang),

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

30 September 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to