Security

Third-party attacks emerged as a significant driver of material financial losses from cyber incidents in 2024, according to cyber risk management firm Resilience. Third-party risks made up 31% of all client insurance claims and 23% of material losses last year. This marks a significant change from 2023, when no third-party claims led to material losses

A new ransomware attack by DragonForce has targeted organizations in Saudi Arabia. The attack, which affected a prominent Riyadh-based real estate and construction firm, resulted in the exfiltration of over 6TB of sensitive data. According to a new advisory by Resecurity, threat actors first announced the breach on February 14, 2025, demanding ransom before publishing

A growing reliance on APIs has fueled security concerns, with nearly all organizations (99%) reporting API-related security issues in the past year. According to the Q1 2025 State of API Security Report by Salt Security, the rapid expansion of API ecosystems—driven by cloud migration, platform integration and data monetization—is outpacing security measures and exposing organizations

In 2024, cyber-criminals have launched attacks within 48 hours of discovering a vulnerability, with 61% of hackers using new exploit code in this short timeframe. Companies faced an average of 68 days of critical cyber-attacks, while ransomware remained the most significant threat. The healthcare industry was particularly affected, with ransomware responsible for 95% of all

A critical security vulnerability in Essential Addons for Elementor has been identified, potentially impacting over two million WordPress websites. The flaw, a reflected cross-site scripting (XSS) vulnerability, was discovered due to insufficient validation of the popup-selector query argument, allowing malicious scripts to be executed. The issue, tracked with CVE-2025-24752, was first uncovered by Patchstack Alliance researcher

Netherlands-based threat intelligence firm Prodaft revealed on February 20 that internal chatlogs from the BlackBasta ransomware gang have been leaked online. BlackBasta is a ransomware strain that was first detected in April 2022. Early on, cyber threat intelligence experts assessed that the members of the group behind the ransomware were associated with other top-tier ransomware

California-based Health Net Federal Services (HNFS), a subsidiary of St Louis-based Centene Corporation, has reached an agreement to pay $11,253,400 to resolve allegations of false cybersecurity compliance certifications. According to the US Department of Justice (DoJ), the false cybersecurity certifications were used to comply with requirements in a US Department of Defense (DoD) contract to

Chinese state-sponsored hackers, Salt Typhoon, used the JumbledPath utility in their attacks against US telecommunication providers to stealthily monitor network traffic and potentially steal sensitive data, a new Cisco report revealed. In the report published by Cisco Talos on February 20, the researchers confirmed Salt Typhoon gained access to core networking infrastructure through Cisco devices

A new malware campaign targeting freelance developers has been using deceptive job advertisements to trick them into downloading malicious software disguised as legitimate tools. The campaign primarily spreads through GitHub repositories and relies on freelancers’ eagerness to secure remote work opportunities. The attackers pose as reputable companies, offering freelance developers attractive job opportunities. To make

A critical vulnerability in the Jupiter X Core WordPress plugin, used on over 90,000 websites, has been identified by security researchers. The flaw, discovered on January 6, allows attackers with contributor privileges or higher to upload malicious SVG files and execute remote code on vulnerable servers. The issue (CVE-2025-0366) has been given a CVSS score

Two significant security vulnerabilities in networking utility OpenSSH have been uncovered by security researchers. These flaws, identified as CVE-2025-26465 and CVE-2025-26466, pose risks of man-in-the-middle (MitM) and denial-of-service (DoS) attacks. The vulnerabilities, reported by the Qualys Security Advisory team, have prompted the release of OpenSSH 9.9p2, which addresses these issues. Details of the Vulnerabilities CVE-2025-26465:

A pro-Russia hacker group, NoName057(16), has launched a wave of DDoS (distributed denial-of-service) attacks targeting key Italian organizations.  Early on Monday, the group disrupted the websites of major airports in Milan, including Linate and Malpensa, as well as the Transport Authority, the Intesa San Paolo bank and the ports of Taranto and Trieste. The attacks were

Chinese-linked espionage tools have been deployed in a ransomware attack, highlighting possible new links between China nation-state activity and cybercrime. Symantec researchers observed the connection while analyzing a ransomware attack against an Asian software and services company in November 2024. This attack resulted in the network’s machines being encrypted with the RA World ransomware, with

The UK’s AI Safety Institute has rebranded to the AI Security Institute as the government shifts its AI strategy to focus on serious AI risks with security implications, including malicious cyber-attacks, cyber fraud and other cybercrimes. The UK Technology Secretary Peter Kyle announced the pivot at the Munich Security Conference, three days after the AI Action Summit

Multiple Russian nation-state actors are targeting sensitive Microsoft 365 accounts via device code authentication phishing, a new analysis by Volexity has revealed. The firm first observed this activity towards the end of January 2025, when the M365 account of one of its customers was successfully compromised in a highly targeted attack. The technique is more

A new alert from the US Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) has outlined strategies to eliminate buffer overflow vulnerabilities in software. Part of the Secure by Design Alert series, the report published on Wednesday emphasizes using memory-safe programming languages and other secure development practices to prevent these defects, which are

The UK government-backed Digital Security by Design (DSbD) initiative must succeed to systematically address rising cyber risks to the nation, according to the National Cyber Security Centre’s (NCSC) CTO, Ollie Whitehouse. Whitehouse made the remarks during an event showcasing the technological advances from the ambitious program, which aims to secure the underlying computer hardware used

A 25-year-old Alabama man has pleaded guilty to charges related to the January 2024 hacking of the US Securities and Exchange Commission’s (SEC) X (formerly Twitter) account. This incident briefly caused a spike in the value of Bitcoin. Eric Council Jr., of Athens, Alabama, admitted in court to conspiring with others to gain unauthorized access

A newly uncovered cyber campaign has been observed exploiting Internet Information Services (IIS) vulnerabilities to distribute malware known as BadIIS. The attack, affecting several Asian countries, manipulates search engine optimization (SEO) results to redirect users to illegal gambling sites or malicious servers. Widespread Impact and Financial Motivation According to Trend Micro’s findings, the attack is financially

Over half (58%) of large UK financial services firms suffered at least one third-party supply chain attack in 2024, according to a study by Orange Cyberdefense. Nearly a quarter (23%) of these companies were hit three or more times by third-party attacks. The research identified significant gaps in financial services third-party risk management strategies. Close

Researchers at Reversing Labs have discovered two malicious machine learning (ML) models available on Hugging Face, the leading hub for sharing AI models and applications. While these models contain malicious code, they were not flagged as “unsafe” by Hugging Face’s security scanning mechanisms. The Reversing Labs researchers saw that these malicious models exploit a novel

Most GDPR enforcement actions by the UK’s Information Commissioner’s Office (ICO) were against public sector organizations in 2024, an analysis by URM Consulting has revealed. A total of 27 UK public sector entities faced actions under the GDPR, compared to just four private companies. The actions took a range of forms, including fines, reprimands and

A global law enforcement effort has led to the arrest of two suspected leaders of an extremist online group accused of grooming and coercing minors into acts of violence and sexual exploitation. Authorities in the US arrested the individuals on January 30 as part of a broader Europol-coordinated crackdown on “The Com” organization, an international

A new phishing campaign orchestrated by the financially motivated threat group UAC-0006 has been discovered targeting customers of PrivatBank, Ukraine’s largest state-owned financial institution. Cybersecurity analysts from CloudSEK identified an ongoing attack that employs password-protected archives containing malicious JavaScript, VBScript or LNK files to evade detection. Attack Methods and Payloads UAC-0006 has been observed deploying

A new malware strain, ELF/Sshdinjector.A!tr, has been linked to the DaggerFly espionage group and used in the Lunar Peek campaign to target Linux-based network appliances. Its primary function is data exfiltration. How the Malware Works Uncovered by cybersecurity researchers at FortiGuard Labs, the malware operates using multiple binaries that work together to infect a system: Dropper: Checks if

A hidden backdoor function embedded in the firmware of the Contec CMS8000 patient monitor has been identified by the US Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, which includes a hard-coded IP address and the potential for unauthorized access to patient data, exists in all analyzed versions of the device’s firmware. The Contec CMS8000

R1, the latest large language model (LLM) from Chinese startup DeepSeek, is under fire for multiple security weaknesses. The company’s spotlight on the performance of its reasoning LLM has also brought scrutiny. A handful of security research reports released in late January have highlighted flaws in the model. Additionally, the LLM critically underperforms in a

Tata Technologies Limited, a subsidiary of the Indian conglomerate Tata Group, has been the victim of a ransomware attack affecting some of its IT assets. The publicly traded company informed the Bombay Stock Exchange (BSE) of the attack in a January 31 letter. The tech giant temporarily suspended some IT services as a precaution, but

Threat actors are increasing their focus on exploiting public-facing applications to achieve initial access, according to Cisco Talos’ Incident Response Trends in Q4 2024 report. The exploitation of public-facing applications was the most common method of gaining initial access in Q4 2024, making up 40% of incidents. The researchers said this marked a “notable shift”

Google Play has blocked 2.36 million policy-violating apps from being published and banned 158,000 developer accounts associated with harmful activities in 2024. More than 92% of Google’s human reviews for harmful apps are now AI-assisted, the tech giant said in a new report released on Wednesday. This allows faster and more accurate detection, helping prevent malicious apps from reaching