Latest Cybersecurity News and Articles
12 September 2025
A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program.
The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges.
"
11 September 2025
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data shows those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.
11 September 2025
1.6 million audio files were exposed.
11 September 2025
Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content.
To that end, support for C2PA's Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media
11 September 2025
Join the webinar as we reveal a new model for AI pen testing – one grounded in social engineering, behavioral manipulation, and even therapeutic dialogue.
The post Webinar Today: Breaking AI – Inside the Art of LLM Pen Testing appeared first on SecurityWeek.
11 September 2025
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity negligence" that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks.
"Without timely action, Microsoft's culture of negligent cybersecurity, combined with its de facto monopolization of the
11 September 2025
High-severity flaws in IOS XR could lead to ISO image verification bypass and denial-of-service conditions.
The post Cisco Patches High-Severity IOS XR Vulnerabilities appeared first on SecurityWeek.
11 September 2025
LNER said the security incident involved a third-party supplier and resulted in contact information and other data being compromised.
The post UK Train Operator LNER Warns Customers of Data Breach appeared first on SecurityWeek.
11 September 2025
Google patched a critical use-after-free vulnerability in Chrome that could potentially lead to code execution.
The post Critical Chrome Vulnerability Earns Researcher $43,000 appeared first on SecurityWeek.
11 September 2025
The Akira ransomware group is likely exploiting a combination of three attack vectors to gain unauthorized access to vulnerable appliances.
The post Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw appeared first on SecurityWeek.
11 September 2025
Researchers exploited K2 Think’s built-in explainability to dismantle its safety guardrails, raising new questions about whether transparency and security in AI can truly coexist.
The post UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features appeared first on SecurityWeek.
11 September 2025
The tools manufacturer was targeted in a ransomware attack claimed by the Cactus group.
The post 100,000 Impacted by Cornwell Quality Tools Data Breach appeared first on SecurityWeek.
11 September 2025
Senator Ron Wyden’s complaints focus on Windows security and the Kerberoasting attack technique.
The post Senator Urges FTC Probe of Microsoft Over Security Failures appeared first on SecurityWeek.
11 September 2025
With security teams drowning in alerts, many suppress detection rules and accept hidden risks. AI promises relief through automation and triage—but without human oversight, it risks becoming part of the problem.
The post AI Emerges as the Hope—and Risk—for Overloaded SOCs appeared first on SecurityWeek.
11 September 2025
AegisAI uses autonomous AI agents to prevent phishing, malware, and BEC attacks from reaching inboxes.
The post Email Security Startup AegisAI Launches With $13 Million in Funding appeared first on SecurityWeek.
11 September 2025
Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access.
Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomware activity since late July 2025.
SonicWall subsequently revealed the SSL VPN activity aimed at its
11 September 2025
Oligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction.
The post Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance appeared first on SecurityWeek.
11 September 2025
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data.
The malvertising campaign, per Bitdefender, is designed to push fake "Meta Verified" browser extensions named SocialMetrics Pro that claim to unlock the blue check badge for Facebook and Instagram profiles. At least 37 malicious ads
11 September 2025
CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk. Yet one question comes up again and again in our conversations with these security leaders: how do I make the impact
11 September 2025
Cyber experts share 3 major threats to school cybersecurity and provide advice for managing these risks.