Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
macOS infostealers
macOS Malware Surge: Infostealers Drive a 101% Spike in Attacks
February 20, 2025
Malware attacks on macOS systems have surged recently, with malicious activity especially focused on infostealers. Palo Alto Networks’ Unit 42 found that infostealers make up the largest part of macOS malware introduced in 2024. Some…
Read More >
DOGE Department of Education FERPA
Elon Musk’s DOGE Sparks Controversy at the U.S. Education Department
February 19, 2025
A recent report from The Washington Post has ignited a debate over the role of AI in government oversight. According to the report, Elon Musk’s Department of Government Efficiency (DOGE) has been granted access to…
Read More >
ASP.Net machine keys
The Hidden Dangers of Publicly Disclosed ASP.NET Machine Keys
February 18, 2025
Microsoft has recently issued a notice warning of code injection attacks by an unknown threat actor taking advantage of publicly disclosed ASP.NET machine keys. These are cryptographic keys for encrypting and validating data in ASP.NET…
Read More >
Sneaky 2FA phishing kit
The Rise of Phishing-as-a-Service Targeting Microsoft 365 Accounts
February 14, 2025
Cybersecurity firm Sekoia recently spotted a new phishing kit using an Adversary-in-the-Middle (AitM) technique to target Microsoft 365 accounts. Discovered in December 2024, the Sneaky 2FA phishing kit is a sophisticated phishing-as-a-service (PhaaS) attack from…
Read More >
rsync vulnerabilities
Critical rsync Vulnerabilities Exposed: Over 660,000 Systems at Risk
February 12, 2025
On January 14, Google Cloud and other independent security researchers announced the discovery of six vulnerabilities in rsync, a widely used file synchronization tool. The most severe, CVE-2024-12084, is a buffer overflow flaw in the…
Read More >
Halcyon ransomware
The Rise of RansomHub and Geopolitical Risks
February 11, 2025
Military strategist Sun Tzu wrote over 2000 years ago that it is critical to understand your adversary. This concept is why anti-ransomware platform provider Halcyon publishes their "Ransomware Malicious Quartile (MQ) Power Rankings." They released…
Read More >
Homebrew AmosStealer malvertising
Homebrew Targeted in Malvertising Campaign Distributing AmosStealer Malware
February 10, 2025
The free, open-source software package management system Homebrew is a popular tool for simplifying the process of installing software on macOS and Linux systems. It is entirely run by volunteers and often benefits from user…
Read More >
ransomware agentic AI Malwarebytes
AI, Ransomware, and the Escalating Cybersecurity Battlefield in 2025
February 07, 2025
Cybersecurity in 2025 is caught in a tug-of-war between innovation and exploitation. The rise of agentic AI—AI that can operate autonomously, make decisions, and interact with systems—has reshaped both cyber defense and cybercrime. Security teams…
Read More >
PDF mishing mobile phishing
Cybercriminals Exploit Vulnerabilities in Mobile Phishing Campaign
February 07, 2025
Phishing has been a tried-and-true cyberattack tactic for decades, as it allows threat actors to adapt and expand their methods to take advantage of different technologies and evade many cybersecurity measures. Recent years have seen…
Read More >
Gravatar cloud credential harvesting
Cloud App Impersonations and the Rise of Sophisticated Credential Harvesting
February 04, 2025
There are no safe spaces on the internet. Cybercriminals will exploit any and every opportunity to launch attacks. This has been demonstrated again by researchers at SlashNext, who have uncovered a new credential harvesting campaign.…
Read More >
Sophos mobile access appliance
Critical Flaw Puts Secure Mobile Access Appliances at Risk
February 04, 2025
SonicWall has issued an urgent warning about a newly discovered zero-day vulnerability, CVE-2025-23006, in its Secure Mobile Access (SMA) 1000 Series appliances. This flaw leaves affected devices open to full system compromise, enabling attackers to…
Read More >
Arcus Media ransomware Halcyon
Arcus Media: The Rising Ransomware Threat Redefining Modern Cybersecurity Defenses
January 29, 2025
Ransomware continues to evolve as one of today’s most formidable cyber threats. Cybercriminals continue to refine their tactics to inflict the most damage possible and, ultimately, increase the likelihood of a ransom payment. Over the…
Read More >
AppLite Trojan Zimperium
Dream Jobs or Digital Traps? AppLite Trojan Attacks Mobile Job Seekers
January 28, 2025
Finding a good job is difficult. This is why cybercriminals use job recruitment offers to trick people into downloading malicious Android mobile applications pretending to be job application software. Zimperium’s zLabs uncovered a new variant…
Read More >
FCC cybersecurity telecommunications
FCC Proposes Cybersecurity Mandate to Combat Advanced Threats
January 22, 2025
In response to a recent rise in foreign and state-sponsored attacks threatening critical communications infrastructure, FCC Chairwoman Jessica Rosenworcel has proposed a new mandate to protect communications systems. Technological advances and geopolitical conflict contribute to…
Read More >
Web 8989999 1280
The Expanding Reach of Chinese Cyber Espionage in U.S. Telecommunications
January 21, 2025
A recent wave of cyberespionage has exposed the vulnerabilities of U.S. telecommunications networks. Dubbed "Salt Typhoon" by Microsoft, this campaign, attributed to Chinese hackers, infiltrated at least eight major telecommunications companies, including AT&T and Verizon.…
Read More >
VSPC Veeam vulnerabilities
Critical Flaws in Veeam Service Provider Console Demand Urgent Action
January 17, 2025
Veeam, a provider of data replication and protection software, released critical security patches to fix severe vulnerabilities affecting its Service Provider Console (VSPC). One of the vulnerabilities is rated as critical (9.9/10 on the CVSS…
Read More >
China-based threat actors
Inside the Four-Month Espionage Campaign by Suspected Chinese Threat Actors
January 16, 2025
In mid-2024, a large U.S. organization with sizeable operations in China was targeted by a persistent attack thought to originate from Chinese actors. The reported intrusion lasted four months, from April to August, with the…
Read More >
Cloak ransomware Halcyon
Cloak Ransomware: The Rising Threat with Advanced Disruption Techniques
January 15, 2025
The Cloak ransomware group emerged in late 2022 and has quickly become a major cybersecurity threat. By targeting small- to medium-sized businesses (SMBs) across Europe and Asia, Cloak has made a significant impact with its…
Read More >
Subscribe for the Latest News
Webinars
Scaling Code Security for Builders Beyond Developer-First
Register Now
Cyber Resilience in Action: How IBM and Index Engines Deliver a Detection-to-Recovery Pipeline
Register Now
Passwordless Authentication: A Practical Approach to Modernizing Access
Register Now