Latest Cybersecurity News and Articles
31 July 2025
Cyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secured by a platform capable of not just keeping pace, but staying ahead of an ever-evolving threat landscape.
31 July 2025
SentinelLabs connects the dots between prolific Chinese state-sponsored hackers and companies developing intrusion tools.
The post Report Links Chinese Companies to Tools Used by State-Sponsored Hackers appeared first on SecurityWeek.
31 July 2025
The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack.
The cyber-physical attack involved the adversary leveraging their physical access to install the Raspberry Pi device and have it connected directly to the same network switch as the ATM, effectively placing
31 July 2025
Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility. At the same time, more vendors are phasing out their on-premises SIEM solutions, encouraging migration to SaaS
31 July 2025
Honeywell has patched several critical and high-severity vulnerabilities in its Experion PKS industrial process control and automation product.
The post Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes appeared first on SecurityWeek.
31 July 2025
Google Project Zero now publicly shares the discovery of a vulnerability and when its 90-day disclosure deadline expires.
The post Google Project Zero Tackles Upstream Patch Gap With New Policy appeared first on SecurityWeek.
31 July 2025
Threat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites.
The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug.
According to Wordfence, the shortcoming relates to an arbitrary file upload
30 July 2025
Committee Members voted to recommend Sean Plankey for director of the Cybersecurity and Infrastructure Security Agency.
The post Senate Committee Advances Trump Nominee to Lead CISA appeared first on SecurityWeek.
30 July 2025
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.
30 July 2025
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets.
The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct
30 July 2025
Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free.
"Because the ransomware is now considered dead, we released the decryptor for public download," Gen Digital researcher Ladislav Zezula said.
FunkSec, which emerged towards the end of 2024, has claimed 172 victims, according to data from
30 July 2025
BlinkOps has announced a Series B funding round that brings the total raised by the company for its micro-agents builder to $90 million.
The post BlinkOps Raises $50 Million for Agentic Security Automation Platform appeared first on SecurityWeek.
30 July 2025
Legion has raised $38 million in seed and Series A funding for its browser-native AI Security Operations Center (SOC) platform.
The post Legion Emerges From Stealth With $38 Million in Funding appeared first on SecurityWeek.
30 July 2025
Multiple financially motivated threat actors are targeting backup systems and employing Scattered Spider’s social engineering techniques.
The post Scattered Spider Activity Drops Following Arrests, but Others Adopting Group’s Tactics appeared first on SecurityWeek.
30 July 2025
Strategic acquisitions marks Palo Alto Networks' formal entry into the identity security space and accelerates its platform strategy.
The post Palo Alto Networks to Acquire CyberArk for $25 Billion appeared first on SecurityWeek.
30 July 2025
Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices.
"The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,"
30 July 2025
Orange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers.
The post Telecom Giant Orange Hit by Cyberattack appeared first on SecurityWeek.
30 July 2025
The Israeli startup helps organizations identify, monitor, and control AI agents across their environments.
The post Cyata Emerges From Stealth With $8.5 Million in Funding appeared first on SecurityWeek.
30 July 2025
Allianz Life Insurance Company of North America experienced a data breach.
30 July 2025
Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities.
The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to