Latest Cybersecurity News and Articles
09 December 2025
Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model.
The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future's Insikt Group, which was previously tracking it as TAG-150.
09 December 2025
North Korean threat actors are believed to be behind CVE-2025-55182 exploitation delivering EtherRAT.
The post React2Shell Attacks Linked to North Korean Hackers appeared first on SecurityWeek.
09 December 2025
The funding round was led by KKR, with participation from Sixth Street Growth, TenEleven, and Carrick Capital Partners.
The post Identity Security Firm Saviynt Raises $700 Million at $3 Billion Valuation appeared first on SecurityWeek.
09 December 2025
NCSC raises alert on “dangerous” misunderstanding of emergent class of vulnerability in generative artificial intelligence (AI) applications.
09 December 2025
The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks.
"These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for
09 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 9, 2025 – Read the full story from Wiz Due to their cascading effect, supply chain attacks are costlier than most, with vendors and customers both bearing the brunt. Global costs of
The post Global Costs of Software Supply Chain Attacks On The Rise appeared first on Cybercrime Magazine.
09 December 2025
The US seeks information on the leader of Emennet Pasargad, Mohammad Bagher Shirinkar, and long-time employee Fatemeh Sedighian Kashi.
The post US Posts $10 Million Bounty for Iranian Hackers appeared first on SecurityWeek.
09 December 2025
Enterprise cybersecurity giant Proofpoint has completed the acquisition of Germany-based Microsoft 365 security solutions provider Hornetsecurity. Financial details were not officially disclosed when news of the transaction came to light, but it was reported that Proofpoint would be paying $1 billion for its European competitor. SecurityWeek learned at the time that the deal size well […]
The post Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity appeared first on SecurityWeek.
09 December 2025
The botnet attempts to steal credentials from infected TBK DVR devices, in addition to abusing them to launch DDoS attacks.
The post New ‘Broadside’ Botnet Poses Risk to Shipping Companies appeared first on SecurityWeek.
09 December 2025
Zero Trust helps organizations shrink their attack surface and respond to threats faster, but many still struggle to implement it because their security tools don’t share signals reliably. 88% of organizations admit they’ve suffered significant challenges in trying to implement such approaches, according to Accenture. When products can’t communicate, real-time access decisions break down.
The
09 December 2025
Google on Monday announced a set of new security features in Chrome, following the company's addition of agentic artificial intelligence (AI) capabilities to the web browser.
To that end, the tech giant said it has implemented layered defenses to make it harder for bad actors to exploit indirect prompt injections that arise as a result of exposure to untrusted web content and inflict harm.
Chief
09 December 2025
The Italian startup will use the investment to build proprietary AI models, accelerate global expansion, and hire new talent.
The post Equixly Raises $11 Million for AI-Powered API Penetration Testing appeared first on SecurityWeek.
09 December 2025
Vitas, the largest for-profit hospice chain in the United States, discovered a cybersecurity intrusion in October.
The post Over 300,000 Individuals Impacted by Vitas Hospice Data Breach appeared first on SecurityWeek.
09 December 2025
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565.
Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is assessed with high confidence to share overlaps with a hacking group known as Gold Blade, which is also
09 December 2025
Marquis Software Solutions experienced a data breach; security leaders discuss.
09 December 2025
Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware.
The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistant, but, in actuality, harbor covert functionality to download additional payloads, take
08 December 2025
Chrome’s new agentic browsing protections include user alignment critic, expanded origin-isolation capabilities, and user confirmations.
The post Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks appeared first on SecurityWeek.
08 December 2025
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named NetSupport RAT.
The attack chain, analyzed by Securonix, involves three main moving parts: An obfuscated JavaScript loader injected into a website, an HTML Application (HTA) that runs encrypted
08 December 2025
From a basement computer lab to the C-Suite: How Keith McCammon built his career and Red Canary with zero formal training.
The post CISO Conversations: Keith McCammon, CSO and Co-founder at Red Canary appeared first on SecurityWeek.
08 December 2025
The cybersecurity startup will use the investment to accelerate product development and fuel global expansion.
The post Resemble AI Raises $13 Million for AI Threat Detection appeared first on SecurityWeek.