Latest Cybersecurity News and Articles
23 September 2025
The botnet’s operators provide customers with access to an infected network of Docker containers so they can conduct DDoS attacks.
The post ShadowV2 DDoS Service Lets Customers Self-Manage Attacks appeared first on SecurityWeek.
23 September 2025
The juvenile suspect surrendered on September 17 and was booked on computer intrusion, extortion, and identity theft charges.
The post Scattered Spider Suspect Arrested in US appeared first on SecurityWeek.
23 September 2025
GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack.
This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor authentication (2FA),
23 September 2025
The company says customer contact information was stolen from a third-party service provider’s platform.
The post Automotive Titan Stellantis Discloses Data Breach appeared first on SecurityWeek.
23 September 2025
Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam.
The activity, dubbed Operation Rewrite, is being tracked by Palo Alto Networks Unit 42 under the moniker CL-UNK-1037, where "
23 September 2025
A cyberattack disrupted operations in European airports. Cyber experts are sharing their insights.
22 September 2025
Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025.
The activity primarily targeted industrial, financial, tourism, biotechnology, research, and trade sectors, cybersecurity company F6 said in an analysis published last week.
The attack chain involves
22 September 2025
The Canada-based company has emerged from stealth with autonomous AI agents designed to manage and operate the security and IT stack.
The post Mycroft Raises $3.5 Million for AI-Powered Security and Compliance Platform appeared first on SecurityWeek.
22 September 2025
A data hub for the DHS exposed sensitive information.
22 September 2025
L1TF Reloaded is a vulnerability combining the old L1TF and half-Spectre hardware flaws to bypass deployed software mitigations.
The post Researchers Earn $150,000 for L1TF Exploit Leaking Data From Public Cloud appeared first on SecurityWeek.
22 September 2025
Collins Aerospace is reportedly having difficulties recovering from the ransomware attack.
The post European Airport Disruptions Caused by Ransomware Attack appeared first on SecurityWeek.
22 September 2025
The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach.
This week’s recap explores the trends driving that constant churn: how threat
22 September 2025
The Romania-based company has launched WorkHorse and is preparing for a funding round to accelerate growth.
The post HoundBytes Launches Automated Security Analyst appeared first on SecurityWeek.
22 September 2025
We hear this a lot:
“We’ve got hundreds of service accounts and AI agents running in the background. We didn’t create most of them. We don’t know who owns them. How are we supposed to secure them?”
Every enterprise today runs on more than users. Behind the scenes, thousands of non-human identities, from service accounts to API tokens to AI agents, access systems, move data, and execute tasks
22 September 2025
Threat actors rely on malicious GitHub repositories to infect LastPass’s macOS users with the Atomic infostealer.
The post Widespread Infostealer Campaign Targeting macOS Users appeared first on SecurityWeek.
22 September 2025
Threat actors likely spoofed the official government website for personal information theft and monetary fraudulent activity.
The post FBI Warns of Spoofed IC3 Website appeared first on SecurityWeek.
22 September 2025
Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection.
The post Fortra Patches Critical GoAnywhere MFT Vulnerability appeared first on SecurityWeek.
22 September 2025
After Scattered Spider claimed to retire, research suggests the group has already returned to target the financial sector.
22 September 2025
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant.
The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra. There is no
21 September 2025
The cyberattack affected software of Collins Aerospace, whose systems help passengers check in, print boarding passes and bag tags, and dispatch their luggage.
The post Airport Cyberattack Disrupts More Flights Across Europe appeared first on SecurityWeek.