Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
PDF mishing mobile phishing
Cybercriminals Exploit Vulnerabilities in Mobile Phishing Campaign
February 07, 2025
Phishing has been a tried-and-true cyberattack tactic for decades, as it allows threat actors to adapt and expand their methods to take advantage of different technologies and evade many cybersecurity measures. Recent years have seen…
Read More >
Gravatar cloud credential harvesting
Cloud App Impersonations and the Rise of Sophisticated Credential Harvesting
February 04, 2025
There are no safe spaces on the internet. Cybercriminals will exploit any and every opportunity to launch attacks. This has been demonstrated again by researchers at SlashNext, who have uncovered a new credential harvesting campaign.…
Read More >
Sophos mobile access appliance
Critical Flaw Puts Secure Mobile Access Appliances at Risk
February 04, 2025
SonicWall has issued an urgent warning about a newly discovered zero-day vulnerability, CVE-2025-23006, in its Secure Mobile Access (SMA) 1000 Series appliances. This flaw leaves affected devices open to full system compromise, enabling attackers to…
Read More >
Arcus Media ransomware Halcyon
Arcus Media: The Rising Ransomware Threat Redefining Modern Cybersecurity Defenses
January 29, 2025
Ransomware continues to evolve as one of today’s most formidable cyber threats. Cybercriminals continue to refine their tactics to inflict the most damage possible and, ultimately, increase the likelihood of a ransom payment. Over the…
Read More >
AppLite Trojan Zimperium
Dream Jobs or Digital Traps? AppLite Trojan Attacks Mobile Job Seekers
January 28, 2025
Finding a good job is difficult. This is why cybercriminals use job recruitment offers to trick people into downloading malicious Android mobile applications pretending to be job application software. Zimperium’s zLabs uncovered a new variant…
Read More >
FCC cybersecurity telecommunications
FCC Proposes Cybersecurity Mandate to Combat Advanced Threats
January 22, 2025
In response to a recent rise in foreign and state-sponsored attacks threatening critical communications infrastructure, FCC Chairwoman Jessica Rosenworcel has proposed a new mandate to protect communications systems. Technological advances and geopolitical conflict contribute to…
Read More >
Web 8989999 1280
The Expanding Reach of Chinese Cyber Espionage in U.S. Telecommunications
January 21, 2025
A recent wave of cyberespionage has exposed the vulnerabilities of U.S. telecommunications networks. Dubbed "Salt Typhoon" by Microsoft, this campaign, attributed to Chinese hackers, infiltrated at least eight major telecommunications companies, including AT&T and Verizon.…
Read More >
VSPC Veeam vulnerabilities
Critical Flaws in Veeam Service Provider Console Demand Urgent Action
January 17, 2025
Veeam, a provider of data replication and protection software, released critical security patches to fix severe vulnerabilities affecting its Service Provider Console (VSPC). One of the vulnerabilities is rated as critical (9.9/10 on the CVSS…
Read More >
China-based threat actors
Inside the Four-Month Espionage Campaign by Suspected Chinese Threat Actors
January 16, 2025
In mid-2024, a large U.S. organization with sizeable operations in China was targeted by a persistent attack thought to originate from Chinese actors. The reported intrusion lasted four months, from April to August, with the…
Read More >
Cloak ransomware Halcyon
Cloak Ransomware: The Rising Threat with Advanced Disruption Techniques
January 15, 2025
The Cloak ransomware group emerged in late 2022 and has quickly become a major cybersecurity threat. By targeting small- to medium-sized businesses (SMBs) across Europe and Asia, Cloak has made a significant impact with its…
Read More >
Black Basta ransomware
The Evolution of Black Basta’s Ransomware Tactics
January 14, 2025
Ransomware continues to evolve as one of the most significant threats in the entire cybersecurity landscape, and not surprisingly, the industry is now seeing an increase in the total number of ransomware groups. Recent research…
Read More >
CISA CWE Top 25 vulnerabilities
Breaking Down the 2024 CWE Top 25: Addressing the Most Dangerous Software Weaknesses
January 10, 2025
A new year is a time for reflection. Looking at what happened in the prior year and setting goals for the future year. This applies to all activities, including software weaknesses. The Cybersecurity and Infrastructure…
Read More >
Rockstar 2FA MFA phishing
Rockstar 2FA: The New Face of Phishing-as-a-Service and MFA Exploitation
January 08, 2025
Phishing-as-a-service (PhaaS) has turned phishing from a niche skill into a scalable, accessible business model. Rockstar 2FA, a new entrant in this market, takes things further by employing adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication…
Read More >
Geico Travelers insurance data breach fraud
Geico and Travelers Fined $11M for Data Breaches
January 08, 2025
In November, Geico and Travelers were fined a combined $11 million for data breaches that exposed the personal information of more than 120,000 individuals and contributed to COVID-19 fraud. The New York Office of the…
Read More >
CVE-2014-2120 Cisco ASA vulnerability
Cisco ASA Vulnerability Resurfaces as Active Threat
January 07, 2025
A security vulnerability from ten years ago has recently been exploited in the wild again: CVE-2014-2120, first recognized in March 2014, is a vulnerability in Cisco Adaptive Security Appliance’s (ASA) WebVPN login page. In November…
Read More >
DocuSign API security phishing scam
DocuSign Impersonation Attacks Exploit Trust in Government Communications
January 02, 2025
DocuSign is the centerpiece of an alarming new wave of phishing scams. These schemes mimic communications from government agencies, such as state licensing boards and municipal offices, preying on the trust businesses place in these…
Read More >
SLED cyber resilience
US SLED Leaders Struggle to Find Balance Between Innovation and Risk
December 30, 2024
Managed security service provider LevelBlue has released the 2024 LevelBlue Futures Report: Cyber Resilience in U.S. State and Local Government and Higher Education (SLED), exploring the state of cyber resilience in U.S. SLED institutions. The…
Read More >
needrestart Ubuntu Linux
Decade-Old Vulnerabilities in Ubuntu's 'needrestart' Utility Exposed
December 29, 2024
“How did I not see that?” is the refrain when something new is discovered after the fifth watching of a movie. Software security vulnerability researchers also have those moments. For over a decade, five critical…
Read More >
Subscribe for the Latest News
Webinars
Is Your Security Built for Today’s World?
Register Now
Cloud Ransomware Tabletop: Unpacking an Attack from Detection to Recovery
Register Now
The 4 Levels of Cloud Cyber Resilience: Where Does Your Organization Stand?
Register Now