Latest Cybersecurity News and Articles
03 December 2025
AWS and cybersecurity vendors have made several announcements at the cloud giant’s re:Invent 2025 event.
The post re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities appeared first on SecurityWeek.
03 December 2025
Windows now displays in the properties tab of LNK files critical information that could reveal malicious code.
The post Microsoft Silently Mitigated Exploited LNK Vulnerability appeared first on SecurityWeek.
03 December 2025
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest. His mistake was assuming that effort alone could outmatch a new kind of tool.
Security professionals are facing a similar
03 December 2025
Online criminals foiled by National Cyber Security Centre’s Share and Defend service in partnership with industry.
03 December 2025
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections.
Picklescan, developed and maintained by Matthieu Maitre (@mmaitre314), is a security scanner that's designed to parse Python pickle files and detect suspicious
03 December 2025
Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine.
The post Chrome 143 Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
03 December 2025
Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool.
The Rust crate, named "evm-units," was uploaded to crates.io in mid-April 2025 by a user named "ablerust,"
02 December 2025
India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number.
To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai, Sharechat, Josh, JioChat, and Signal that use an Indian mobile number for uniquely identifying their
02 December 2025
The cybersecurity startup will use the investment to accelerate product innovation and global expansion.
The post Zafran Security Raises $60 Million in Series C Funding appeared first on SecurityWeek.
02 December 2025
A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division.
For the first time, researchers managed
02 December 2025
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.
GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and harvest npm,
02 December 2025
When familiar security concepts carry unfamiliar meanings for different audiences, teams talk past each other without even realizing it. This silent disconnect weakens communication, clarity, and outcomes.
The post The Great Disconnect: Unmasking the ‘Two Separate Conversations’ in Security appeared first on SecurityWeek.
02 December 2025
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners.
The package in question is eslint-plugin-unicorn-ts-2, which masquerades as a TypeScript extension of the popular ESLint plugin. It was uploaded to the registry by a user named "hamburgerisland" in February 2024. The package has been downloaded
02 December 2025
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Dec. 2, 2025 – Read the full story in Bolde. The working world is far weirder, cooler, and more creative than anyone tells you. Behind the scenes, there are people making real
The post Ethical Hacker: Coolest Job In 2026 appeared first on Cybercrime Magazine.
02 December 2025
The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access.
The post Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors appeared first on SecurityWeek.
02 December 2025
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper.
The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango
02 December 2025
The Swiss cybersecurity firm will scale its R&D, sales and marketing teams as it pursues expansion across Europe.
The post Saporo Raises $8 Million for Identity Security Platform appeared first on SecurityWeek.
02 December 2025
The Codex CLI vulnerability tracked as CVE-2025-61260 can be exploited for command execution.
The post Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers appeared first on SecurityWeek.
02 December 2025
Security leaders discuss the Coupang data breach, which affected approximately 34 million customers.
02 December 2025
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of pieces of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities.
Taking into account that nearly 10% of