Latest Cybersecurity News and Articles
25 September 2025
Latest malware analysis report helps organisations detect and mitigate malicious activity targeting certain Cisco devices.
25 September 2025
Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why?
It’s not because security teams can't see enough. Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that. Investigate this. It's a tsunami of red dots that not even the most crackerjack team on
25 September 2025
/* ===== Container ===== */
.td-wrap {}
/* ===== Section ===== */
.td-section {
}
.td-title { margin: 16px 0 4px; font-size: 32px; line-height: 1.2; font-weight: 800; }
.td-subtitle { margin: 0 0 24px; color: #64748b; font-size: 16px; }
/* ===== Timeline ===== */
.td-timeline { position: relative; margin: 0 !important;padding: 0!important; list-style: none; }
/* spine */
.td-timeline:before {
25 September 2025
Google’s Threat Intelligence Group and Mandiant have shared findings on a recent BrickStorm campaign linked to UNC5221.
The post Chinese Spies Lurked in Networks for 393 Days, Hunted for Zero-Day Intel appeared first on SecurityWeek.
25 September 2025
New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence.
The post CSA Unveils SaaS Security Controls Framework to Ease Complexity appeared first on SecurityWeek.
25 September 2025
The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most
25 September 2025
The Miljödata data breach has impacted numerous organizations, education institutions, and Swedish municipalities.
The post Volvo Group Employee Data Stolen in Ransomware Attack appeared first on SecurityWeek.
25 September 2025
The security defect allows remote attackers with administrative privileges to execute arbitrary code as the root user.
The post Cisco Patches Zero-Day Flaw Affecting Routers and Switches appeared first on SecurityWeek.
25 September 2025
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code.
The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain
25 September 2025
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances.
The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it "after local Administrator credentials were
25 September 2025
More than 5 million records were exposed in an online database.
24 September 2025
A suspected cyber espionage activity cluster that was previously found targeting global government and private sector organizations spanning Africa, Asia, North America, South America, and Oceania has been assessed to be a Chinese state-sponsored threat actor.
Recorded Future, which was tracking the activity under the moniker TAG-100, has now graduated it to a hacking group dubbed RedNovember.
24 September 2025
Companies in the legal services, software-as-a-service (SaaS) providers, Business Process Outsourcers (BPOs), and technology sectors in the U.S. have been targeted by a suspected China-nexus cyber espionage group to deliver a known backdoor referred to as BRICKSTORM.
The activity, attributed to UNC5221 and closely related, suspected China-nexus threat clusters, is designed to facilitate
24 September 2025
Boyd Gaming has informed the SEC about a data breach affecting the information of employees and other individuals.
The post Hackers Target Casino Operator Boyd Gaming appeared first on SecurityWeek.
24 September 2025
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks.
The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below -
CVE-2025-10643 (CVSS score: 9.1) - An authentication bypass vulnerability that
24 September 2025
The hackers remained undetected for three weeks, deploying China Chopper, remote access scripts, and reconnaissance tools.
The post GeoServer Flaw Exploited in US Federal Agency Hack appeared first on SecurityWeek.
24 September 2025
Cybersecurity researchers believe the attack on Collins Aerospace involved a piece of ransomware known as HardBit.
The post European Airport Cyberattack Linked to Obscure Ransomware, Suspect Arrested appeared first on SecurityWeek.
24 September 2025
Most businesses don't make it past their fifth birthday - studies show that roughly 50% of small businesses fail within the first five years. So when KNP Logistics Group (formerly Knights of Old) celebrated more than a century and a half of operations, it had mastered the art of survival. For 158 years, KNP adapted and endured, building a transport business that operated 500 trucks
24 September 2025
U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.
24 September 2025
Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with IcedID and Latrodectus.
"The exact connection to YiBackdoor is not yet clear, but it may be used in conjunction with Latrodectus and IcedID during attacks," Zscaler ThreatLabz said in a Tuesday report. "YiBackdoor is able to execute