Latest Cybersecurity News and Articles
06 August 2025
A Google Salesforce instance may have been targeted as part of a ShinyHunters campaign that hit several major companies.
The post Google Discloses Salesforce Hack appeared first on SecurityWeek.
06 August 2025
Splunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion.
The post PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins appeared first on SecurityWeek.
06 August 2025
Meta linked these scams to a criminal scam center in Cambodia — and said it disrupted the campaign in partnership with ChatGPT maker OpenAI.
The post WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says appeared first on SecurityWeek.
06 August 2025
Trend Micro has rushed to fix two Apex One zero-days that may have been exploited by Chinese threat actors.
The post Trend Micro Patches Apex One Vulnerabilities Exploited in Wild appeared first on SecurityWeek.
06 August 2025
Microsoft handed out $17 million in rewards to 344 security researchers through its bug bounty programs over the past year.
The post Microsoft Paid Out $17 Million in Bug Bounties in Past Year appeared first on SecurityWeek.
06 August 2025
An AI extension to the Ox Security platform automatically generates organization specific code to fix vulnerabilities in the codebase.
The post Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities appeared first on SecurityWeek.
06 August 2025
DaVita has notified over 1 million individuals that their personal and health information was stolen in a ransomware attack.
The post Over 1 Million Impacted by DaVita Data Breach appeared first on SecurityWeek.
06 August 2025
On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." Here's a deep dive on what's knowable about Toha, and a short stab at who got nabbed.
06 August 2025
ReVault vulnerabilities in the ControlVault3 firmware in Dell laptops could lead to firmware modifications or Windows login bypass.
The post Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass appeared first on SecurityWeek.
06 August 2025
As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs.
How are
06 August 2025
Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts.
The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant.
The system "automates what is considered the gold
06 August 2025
Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas.
The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 2) appeared first on SecurityWeek.
06 August 2025
Adobe has released urgent security updates to resolve two AEM Forms vulnerabilities for which proof-of-concept (PoC) code exists.
The post Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC appeared first on SecurityWeek.
06 August 2025
Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild.
The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remote code execution flaws.
"A vulnerability in Trend Micro
06 August 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country.
The attacks, which leverage phishing emails as an initial compromise vector, are used to deliver malware families like MATCHBOIL, MATCHWOK, and
06 August 2025
When Technology Resets the Playing Field
In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise customers and thousands of users, that vision has proven itself. But I also know that what we’ve built so far is only
06 August 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The high-severity vulnerabilities, which are from 2020 and 2022, are listed below -
CVE-2020-25078 (CVSS score: 7.5) - An unspecified vulnerability in D-Link
05 August 2025
A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the way it did over the past year, according to new findings from Guardio Labs.
"Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web
05 August 2025
Microsoft has unveiled Project Ire, a prototype autonomous AI agent that can analyze any software file to determine if it’s malicious.
The post Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware appeared first on SecurityWeek.
05 August 2025
Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild.
The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025.
CVE-2025-21479