Latest Cybersecurity News and Articles
29 September 2025
The CISA is set to expire on September 30, 2025, raising urgent questions about risk, politics, and the future of threat intelligence.
The post The Cybersecurity Information Sharing Act Faces Expiration appeared first on SecurityWeek.
29 September 2025
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide.
According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.
29 September 2025
WestJet, an Alberta Partnership and Canadian commercial airline headquartered in Calgary, Alberta has notified United States residents of a recent cybersecurity incident that may affect certain individuals' personal information.
29 September 2025
Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway.
From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you need before making your next security
29 September 2025
Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points.
A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can
29 September 2025
The government has announced a support package, but a cybersecurity expert has raised some concerns.
The post Cyberattack on JLR Prompts £1.5 Billion UK Government Intervention appeared first on SecurityWeek.
29 September 2025
Co-founder Hector Monsegur, formerly known as “Sabu,” a black hat hacker and leader of LulzSec, now serves as SafeHill’s chief research officer.
The post SafeHill Emerges from Stealth With $2.6 Million Pre-Seed Funding appeared first on SecurityWeek.
29 September 2025
One of the two 17-year-old boys allegedly walked by law enforcement and embassy offices carrying a Wi-Fi sniffer.
The post Dutch Teens Arrested for Allegedly Helping Russian Hackers appeared first on SecurityWeek.
29 September 2025
In one attack, the hackers leveraged the Datto RMM utility on a domain controller and various other legitimate tools to evade detection.
The post Akira Ransomware’s Exploitation of SonicWall Vulnerability Continues appeared first on SecurityWeek.
29 September 2025
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses.
"Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure
29 September 2025
Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks.
According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called "postmark-mcp" that copied an official Postmark Labs library of the same name. The
28 September 2025
Four people were arrested in July on suspicion of their involvement in cyberattacks against Harrods and two other leading British retail chains, Marks & Spencer and the Co-op and Harrods.
The post British Department Store Harrods Warns Customers That Some Personal Details Taken in Data Breach appeared first on SecurityWeek.
27 September 2025
Telecommunications and manufacturing sectors in Central and South Asian countries have emerged as the target of an ongoing campaign distributing a new variant of a known malware called PlugX (aka Korplug or SOGU).
"The new variant's features overlap with both the RainyDay and Turian backdoors, including abuse of the same legitimate applications for DLL side-loading, the
26 September 2025
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner.
"The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The
26 September 2025
Other noteworthy stories that might have slipped under the radar: Co-op lost £206 million due to cyberattack, South Korean credit card company hacked, Maryland Transit Administration ransomware attack.
The post In Other News: LockBit 5.0, Department of War Cybersecurity Framework, OnePlus Vulnerability appeared first on SecurityWeek.
26 September 2025
The operation took place in July and August and focused on scams in which perpetrators build online romantic relationships to extract money from targets or blackmail them with explicit images, Interpol said.
The post Interpol Says 260 Suspects in Online Romance Scams Have Been Arrested in Africa appeared first on SecurityWeek.
26 September 2025
The Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX.
Zscaler ThreatLabz, which detected the new multi-stage ClickFix campaign earlier this month, described BAITSWITCH as a downloader that ultimately drops SIMPLEFIX, a
26 September 2025
Microsoft has disabled services to a unit within the Israeli military after a company review had determined its AI and cloud computing products were being used to help carry out mass surveillance of Palestinians.
The post Microsoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza appeared first on SecurityWeek.
26 September 2025
North Korean threat actors pose as recruiters to steal developers’ identities and supply them to fraudulent IT workers.
The post North Korea’s Fake Recruiters Feed Stolen Data to IT Workers appeared first on SecurityWeek.
26 September 2025
Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions.
Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box.
But none of that proves what matters most to a CISO:
The