Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies. The post In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies appeared first on SecurityWeek.
The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to North Korea. The post US Charges Five People Over North Korean IT Worker Scheme appeared first on SecurityWeek.
CISA has added the JQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Old jQuery Vulnerability Linked to Chinese APT appeared first on SecurityWeek.
Four decades of student and educator information was stolen from PowerSchool – tens of millions are potentially affected. The post Millions Impacted by PowerSchool Data Breach appeared first on SecurityWeek.
Business resilience must be the ultimate purpose of all the security controls and processes we employ, because we will never conclusively defeat or protect ourselves from social engineering. The post Cyber Insights 2025: Social Engineering Gets AI Wings appeared first on SecurityWeek.
Pwn2Own Automotive 2025 has come to an end and participants have earned a total of $886,000 for exploits targeting EV chargers and infotainment systems. The post Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment Exploits appeared first on SecurityWeek.
Eclypsium warns that Palo Alto Networks firewalls are impacted by BIOS and bootloader flaws, but the vendor says users should not be concerned. The post Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls appeared first on SecurityWeek.
Conduent has confirmed suffering disruptions due to a cyberattack after government agencies reported service outages. The post Conduent Confirms Cyberattack After Government Agencies Report Outages appeared first on SecurityWeek.
Two separate threat actors have been observed abusing Microsoft 365 services and exploiting default Microsoft Teams configurations to initiate conversations with internal users, Sophos warns. Operating Microsoft 365 tenants, the two hacking groups launched at least 15 attacks over the past three months, likely aiming to compromise organizations for ransomware deployment and data theft. Tracked […]
SecurityWeek’s Cyber Insights 2025 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we discuss what to expect in Attack Surface Management. Business transformation is redefining attack surface management (ASM). […]