Latest Cybersecurity News and Articles
03 September 2025
Attack disrupted email, phones, and websites for weeks, but officials say no ransom was paid.
The post Pennsylvania Attorney General Confirms Ransomware Behind Weeks-Long Outage appeared first on SecurityWeek.
03 September 2025
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.
The vulnerabilities are listed below -
CVE-2025-38352 (CVSS score: 7.4) - A privilege escalation flaw in the Linux Kernel component
CVE-2025-48543 (CVSS score: N/A) - A
03 September 2025
An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.
The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice.
"Emails were sent to
03 September 2025
The automotive company said it disconnected its systems, which severely impacted both retail and manufacturing operations.
The post Jaguar Land Rover Operations ‘Severely Disrupted’ by Cyberattack appeared first on SecurityWeek.
03 September 2025
Hackers accessed customer contact information and case data from Salesforce instances at Cloudflare, Palo Alto Networks, and Zscaler.
The post Security Firms Hit by Salesforce–Salesloft Drift Breach appeared first on SecurityWeek.
03 September 2025
Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps).
"Over the past few weeks, we've autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps," the web infrastructure and security company said in a post on X. "
03 September 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain
02 September 2025
Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication tokens.
"This will provide the fastest path forward to comprehensively review the application and build
02 September 2025
Tracked as CVE-2025-57819 (CVSS score of 10/10), the bug is described as an insufficient sanitization of user-supplied data.
The post Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers appeared first on SecurityWeek.
02 September 2025
The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT, ThemeForestRAT, and RemotePE.
The attack, observed by NCC Group's Fox-IT in 2024, targeted an organization in the decentralized finance (DeFi) sector, ultimately leading to the compromise of an
02 September 2025
Part of a wave of DDoS attacks that lasted for weeks, the assault was a UDP flood mainly originating from Google Cloud.
The post Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack appeared first on SecurityWeek.
02 September 2025
The transaction is valued up to $150 million, including performance-based retention awards, a Varonis spokesperson told SecurityWeek.
The post Varonis Acquires Email Security Firm SlashNext appeared first on SecurityWeek.
02 September 2025
Cybersecurity researchers have disclosed a stealthy new backdoor called MystRodX that comes with a variety of features to capture sensitive data from compromised systems.
"MystRodX is a typical backdoor implemented in C++, supporting features like file management, port forwarding, reverse shell, and socket management," QiAnXin XLab said in a report published last week. "Compared to typical
02 September 2025
The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled.
The post Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users appeared first on SecurityWeek.
02 September 2025
The vulnerability (CVE-2025-55177) was exploited along an iOS/macOS zero-day in suspected spyware attacks.
The post WhatsApp Zero-Day Exploited in Attacks Targeting Apple Users appeared first on SecurityWeek.
02 September 2025
The Harsh Truths of AI Adoption
MITs State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90% of employees are actively using AI tools in their daily work. Similarly, research from Harmonic Security found that 45.4% of sensitive AI interactions are coming from personal email accounts, where employees are bypassing corporate
02 September 2025
Cybersecurity researchers have flagged a Ukrainian IP network for engaging in massive brute-force and password spraying campaigns targeting SSL VPN and RDP devices between June and July 2025.
The activity originated from a Ukraine-based autonomous system FDN3 (AS211736), per French cybersecurity company Intrinsec.
"We believe with a high level of confidence that FDN3 is part of a wider abusive
02 September 2025
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts.
The vulnerable driver in question is "amsdk.sys" (version 1.0.600), a 64-bit, validly signed Windows kernel device driver
02 September 2025
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems.
The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347
01 September 2025
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.