SecurityWeek
Freelance Software Developers in North Korean Malware Crosshairs
ESET says hundreds of freelance software developers have fallen victim to North Korean hackers posing as recruiters.
The post Freelance Software Developers in North Korean Malware Crosshairs appeared first on SecurityWeek.
Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand
Apple says it can no longer offer end-to-end encrypted cloud backups in the UK and insists it will never build a backdoor or master key.
The post Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand appeared first on SecurityWeek.
Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics
Cisco Talos observed Chinese hackers pivoting from a compromised device operated by one telecom to target a device in another telecom.
The post Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics appeared first on SecurityWeek.
In Other News: Black Basta Chats Leaked, New SEC Cyber Unit, DOGE Site Hacked
Noteworthy stories that might have slipped under the radar: Black Basta ransomware chat logs leaked, SEC launches new cyber unit, DOGE website hacked.
The post In Other News: Black Basta Chats Leaked, New SEC Cyber Unit, DOGE Site Hacked appeared first on SecurityWeek.
Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers
OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server.
The post Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers appeared first on SecurityWeek.
How China Pinned University Cyberattacks on NSA Hackers
A researcher dives into Chinese reports attributing cyberattacks on Northwestern Polytechnical University to the NSA’s TAO division.
The post How China Pinned University Cyberattacks on NSA Hackers appeared first on SecurityWeek.
CISA Warns of Attacks Exploiting Craft CMS Vulnerability
CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek.
Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls
Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks.
The post Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls appeared first on SecurityWeek.
Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines
China-linked cyberespionage toolkits are popping up in ransomware attacks, forcing defenders to rethink how they combat state-backed hackers.
The post Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines appeared first on SecurityWeek.
Mining Company NioCorp Loses $500,000 in BEC Hack
NioCorp Developments has informed the SEC that it lost $0.5 million after its systems were compromised.
The post Mining Company NioCorp Loses $500,000 in BEC Hack appeared first on SecurityWeek.
AI Can Supercharge Productivity, But we Still Need a Human-in-the-Loop
AI systems can sometimes struggle with complex or nuanced situations, so human intervention can help identify and address potential issues that algorithms might not.
The post AI Can Supercharge Productivity, But we Still Need a Human-in-the-Loop appeared first on SecurityWeek.
Atlassian Patches Critical Vulnerabilities in Confluence, Crowd
Atlassian has released patches for 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira.
The post Atlassian Patches Critical Vulnerabilities in Confluence, Crowd appeared first on SecurityWeek.
CISA, FBI Warn of China-Linked Ghost Ransomware Attacks
CISA and the FBI warn organizations of attacks employing the Ghost (Cring) ransomware, operated by Chinese hackers.
The post CISA, FBI Warn of China-Linked Ghost Ransomware Attacks appeared first on SecurityWeek.
PoC Exploit Published for Critical Ivanti EPM Vulnerabilities
Proof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available.
The post PoC Exploit Published for Critical Ivanti EPM Vulnerabilities appeared first on SecurityWeek.
US Military Health Provider HNFS Pays $11M in Settlement Over Cybersecurity Failures
US military health benefits program administrator HNFS to pay $11 million in settlement over its false claims of cybersecurity compliance.
The post US Military Health Provider HNFS Pays $11M in Settlement Over Cybersecurity Failures appeared first on SecurityWeek.
Microsoft Patches Exploited Power Pages Vulnerability
Microsoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks.
The post Microsoft Patches Exploited Power Pages Vulnerability appeared first on SecurityWeek.
How Hackers Manipulate Agentic AI with Prompt Engineering
Organizations adopting the transformative nature of agentic AI are urged to take heed of prompt engineering tactics being practiced by threat actors.
The post How Hackers Manipulate Agentic AI with Prompt Engineering appeared first on SecurityWeek.
CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard
SecurityWeek speaks with Kevin Winter, Global CISO at Deloitte, and Richard Marcus, CISO at AuditBoard.
The post CISO Conversations: Kevin Winter at Deloitte and Richard Marcus at AuditBoard appeared first on SecurityWeek.
Blockaid Raises $50 Million to Secure Blockchain Applications
Blockaid raises $50 million in Series B funding to scale operations to meet demand for its blockchain application security platform.
The post Blockaid Raises $50 Million to Secure Blockchain Applications appeared first on SecurityWeek.
OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks
The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction.
The post OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks appeared first on SecurityWeek.