Cyber Security
News
Data Breach Settlement: Rite Aid Agrees to Pay $6.8 Million to Affected Customers
Rite Aid has agreed to a $6.8 million settlement following a data breach affecting over 2 million customers, emphasizing the need for robust cybersecurity measures.
News
New Chirp Tool Using Audio Tones for Data Transit Between Devices
The new Chirp tool allows data transfer between devices using audio tones, offering a unique and engaging way to communicate.
News
Akira Ransomware Uses Webcam to Bypass EDR
The Akira ransomware gang has found a way to bypass EDR by exploiting unsecured webcams, demonstrating a new level of sophistication in cyberattacks.
News
Taylor Swift Ticket Scam: Cybercrime Crew Steals $635,000
A cybercrime crew stole $635,000 worth of concert tickets, primarily for Taylor Swift's Eras Tour, exploiting a StubHub vendor loophole. Two employees were arrested and ...
News
Scott County Breach: Email Account Compromises Patient Data
The Scott County breach involved unauthorized access to email accounts, compromising protected health information for thousands of individuals across Iowa.
News
12,000 API Keys and Passwords Found in AI Training Datasets
Nearly 12,000 API keys and passwords were discovered in the Common Crawl dataset used for training AI models, highlighting significant security risks for enterprises. Many ...
News
Open-Source Tool Rayhunter Helps Users Detect Stingray Attacks
The EFF has introduced Rayhunter, an open-source tool for detecting Stingray attacks, helping users safeguard their sensitive data from unauthorized access.
News
Fake BianLian Ransom Notes Mailed to US CEOs in Postal Mail Scam
Scammers are impersonating the BianLian group, mailing fake ransom notes to US CEOs, threatening data leaks unless Bitcoin payments are made.
News
BadBox Malware Disrupted on 500K Infected Android Devices
The BadBox malware disruption has impacted over 500,000 devices, revealing the urgency of addressing cybersecurity threats in low-cost Android devices.
News
Silk Typhoon Hackers Now Target IT Supply Chains to Breach Networks
The Silk Typhoon hackers have shifted tactics, now focusing on IT supply chains to infiltrate networks and exploit sensitive data across multiple industries.
News
YouTube Warns of AI-Generated Phishing Attacks Targeting Creators
AI-generated video of YouTube's CEO is being used in phishing attacks to steal creators' credentials. YouTube warns users to avoid suspicious private videos and links.
News
US Charges Chinese Hackers Targeting Critical Infrastructure Breaches
US charges Chinese state security officers and hackers from APT27 and i-Soon for global cyberattacks targeting critical infrastructure and government agencies since 2011.
News
Hunters International Claims Ransomware Attack on Tata Technologies: 1.4TB Data Breached
Hunters International ransomware claims responsibility for a major attack on Tata Technologies, stealing 1.4 TB of data and threatening to release it.
News
Black Basta and Cactus Ransomware: Shared Tactics and BackConnect Malware Connection
Black Basta and Cactus ransomware groups share similar tactics and use BackConnect malware, highlighting the need for robust cybersecurity measures in enterprise businesses.
News
Cisco Warns of BroadWorks Flaw Exposing Credentials
Cisco warns of a BroadWorks flaw that could allow unauthenticated attackers to access sensitive credentials. Users are advised to implement security measures.
News
Broadcom Fixes Three VMware Zero-Days Exploited in Attacks
Broadcom fixes three critical VMware zero-days exploited in attacks, enabling attackers to escape virtual machine sandboxes. Immediate patching is advised.
News
Major Data Breach at Lost & Found Tracking Site Exposes Over 800,000 Records
A massive data breach at Lost & Found, a German travel tracking firm, exposed over 800,000 records, including passport scans and driver's licenses, raising serious ...
News
Polish Space Agency Suffers Cyberattack, Takes Systems Offline
The Polish Space Agency (POLSA) disconnected its systems after a weekend cyberattack. The agency is working with national CSIRT teams to restore services and investigate ...
News
New Polyglot Malware Targets Aviation and Satellite Communication Firms
A new polyglot malware, Sosano, targets aviation and satellite communication firms in the UAE, enabling remote command execution and persistent access on infected devices.
News
Eleven11bot: New Botnet Infects 86,000 Devices for DDoS Attacks
The Eleven11bot botnet has infected over 86,000 IoT devices, primarily focusing on security cameras and NVRs to launch DDoS attacks globally.
TOP CYBERSECURITY HEADLINES
SECURITYWEEK INDUSTRY EXPERTS
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Threat Actors
- Threat Detection Tools
- Uncategorized
Next.js Flaw Allows Unauthorized Access
Critical Next.js vulnerability (CVE-2025-29927) lets attackers bypass authorization, impacting versions before 15.2.3. Urgent updates are needed.
Ukraine Railway Hit by Cyberattack: Online Systems Disrupted
A major cyberattack targeted Ukraine's railway system, disrupting online services but not train operations. Restoration efforts are ongoing.
Chinese Weaver Ant Hackers Spied on Telco Network for Four Years
Chinese Weaver Ant hackers infiltrated a telecom network for over four years, using advanced techniques like web shell tunneling and data exfiltration.
Astral Foods Cyberattack: R20 Million Profit Plunge
Astral Foods suffered a cyberattack causing a R20 million profit loss and operational disruption. Swift recovery was implemented, but the incident highlights the need for ...
VanHelsing Ransomware Targets Multiple Platforms Including Windows and ESXi Systems
The new VanHelsing ransomware targets various systems, employing advanced encryption techniques and demanding ransoms up to $500,000 from its victims.
INTERPOL Operation Red Card Nets 300 Cybercrime Suspects in Africa
INTERPOL's Operation Red Card resulted in the arrest of 306 cybercrime suspects across seven African nations, seizing thousands of devices used in various scams.
Oracle Cloud Breach Compromises 6 Million Records, Threatening 140,000 Businesses
A massive Oracle Cloud breach exposed 6 million records, impacting 140,000 businesses. The attacker, "rose87168," is selling the data and demanding ransoms.
NYU Data Breach: Class Action Lawsuit Investigation Underway
NYU's March 2025 data breach exposed millions of applicants' personal data, prompting a class action lawsuit investigation. Attorneys seek to recover compensation for affected individuals.
Microsoft’s Trusted Signing Service Abused to Code-Sign Malware
Microsoft's Trusted Signing service is being abused to code-sign malware using short-lived certificates. This allows malicious software to bypass security and appear legitimate. Microsoft is ...
10 Key Benefits of Cyber Tabletop Exercises
Regular cybersecurity tabletop exercises are crucial for identifying weaknesses and strengthening your defenses. This blog explores the ten major advantages of incorporating these simulations into ...
Coinbase Targeted in GitHub Actions Breach
A major GitHub Actions breach targeted Coinbase, exploiting the tj-actions/changed-files action to steal secrets. Although Coinbase claims no damage, the attack highlights supply chain vulnerabilities.
CISA Says NAKIVO Backup Flaw is Actively Exploited in Attacks
CISA warns of a critical NAKIVO backup flaw, CVE-2024-48248, allowing unauthorized file access, urging organizations to patch systems promptly.
GitHub Supply Chain Attack Exposes Secrets in 218 Repositories
A GitHub Action supply chain attack exposed secrets from 218 repositories due to malicious code in tj-actions/changed-files, impacting popular projects and potentially causing further supply ...
WordPress Plugin WP Ghost Vulnerable to Critical Remote Code Execution Bug
Critical remote code execution vulnerability in WordPress plugin WP Ghost allows attackers to hijack servers. Urgent updates are required.
Network Security in a Digital World: Understanding and Mitigating Risks
The digital landscape is riddled with threats in modern networks. From malware and phishing to DDoS attacks and physical sabotage, the challenges are multifaceted. This ...
Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks
Cisco's Smart Licensing Utility vulnerabilities CVE-2024-20439 and CVE-2024-20440 are now exploited, allowing unauthorized access through a backdoor admin account.
HellCat Hacking Spree Targets Jira Servers Worldwide
HellCat hackers are exploiting compromised Jira credentials in a worldwide hacking spree, targeting companies like Ascom and Jaguar Land Rover, stealing sensitive data including source ...
RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks
RansomHub ransomware uses a new multi-function backdoor, Betruger, for enhanced attacks, streamlining the deployment process and minimizing detection.
Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers
MI MegaRAC BMC vulnerability (CVE-2024-54085) lets attackers remotely hijack and brick servers, impacting numerous vendors and potentially causing significant damage.