⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains…
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with four new…
Microsoft rolls out revamped Windows Insider Program
Microsoft says it's rolling out a revamped Windows Insider Program experience as part of the broader plans to address reliability concerns in…
Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence…
The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out…
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the…
Expert Recommends: Prepare for PQC Right Now
Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into…
Identity Prioritization isn't a Backlog Problem – It's a Risk Math Problem
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control…
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the…
From Exposure to Exploitation: How AI Collapses Your Response Window
We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving.…
Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn’t realistic…
U.S. Treasury Lifts Sanctions on Three Individuals Linked to Intellexa and Predator Spyware
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the Intellexa…
⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More
Last week's cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust…
Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code
Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident"…
⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust…
Gainsight Expands Impacted Customer List Following Salesforce Security Alert
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously thought.…
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS…
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact…
ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More
Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse…
Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature
Microsoft has disclosed two critical vulnerabilities in its Windows BitLocker encryption feature, allowing attackers with physical access to…
Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More
Every week, the cyber world reminds us that silence doesn't mean safety. Attacks often begin quietly — one unpatched flaw, one…
In Defense of Good Bots: Good Bots Exist, But Only When We Build Them That Way
The word “bot” doesn’t have the best reputation right now. You hear it and think of election manipulation, fake social media…
Windows 11 23H2 Home and Pro reach end of support in 30 days
Microsoft has reminded customers again today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving security…
Copilot on Windows can now connect to email, create Office docs
Microsoft has upgraded its AI-powered Copilot digital assistant to generate Office documents and to connect to Outlook and Gmail email…
How Chief Technology Officers Can Stay Ahead of Complex Threat Actor Tactics
Cyberattacks are becoming increasingly complex because organizations are more interconnected than ever before while threat actors are better…
Met Police Arrest Two Teens in Connection with Kido Attack
Two teenaged boys have been arrested following a cyber-attack and attempted extortion of a London nursery group, the Metropolitan Police has…
Microsoft kills more Microsoft Account bypasses in Windows 11
Microsoft is removing more methods that help users create local Windows accounts and bypass the Microsoft account requirement when installing…
Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them
Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically…
CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by…
AI on the Frontlines: How Agentic AI is Revolutionizing Cyber Defense
Quick Summary: AI agents enable security teams to surge ahead of the most advanced threats using automated decision-making, real…
$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the…
Learning from the Inevitable
The talent shortage in cybersecurity continues to persist. Just last year, research showed a cybersecurity market gap of 85 workers…
Ransomware gang sought BBC reporter’s help in hacking media giant
Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a…
DLL Hijacking Flaw (CVE-2025-56383) Found in Notepad++, Allowing Arbitrary Code Execution, PoC Available
A newly disclosed in Notepad++ v8.8.3 has been assigned CVE-2025-56383. The , rated CVSS 6.5, allows attackers to hijack Notepad++’s DLL…
Microsoft’s new AI feature will organize your photos automatically
Microsoft has begun testing a new AI-powered feature in Microsoft Photos, designed to categorize photos automatically on Windows 11 systems.…
New LockBit Ransomware Variant Emerges as Most Dangerous Yet
Trend Micro has identified a new LockBit ransomware variant that is “significantly more dangerous” than previous versions and is being…
Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk
Austin / TX, United States, September 25th, 2025, CyberNewsWire Living Security, a global leader in Human Risk Management (HRM), today…
The Threat of Privilege Abuse in Active Directory
In early 2024, the BlackCat ransomware attack against Change Healthcare caused massive disruption across the U.S. healthcare sector. It later…
SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist
Austin, Texas, USA, September 23rd, 2025, CyberNewsWire New SpyCloud 2025 Identity Threat Report reveals dangerous disconnect between…
Microsoft lifts Windows 11 update block after face detection fix
Microsoft has removed a compatibility hold that prevented devices with integrated cameras from installing Windows 11 24H2 due to a face…
How the U.S. Can Strengthen Its Cyber Defenses Against Nation-State Threats
The American power grid is not just the backbone of modern life. It’s a high-value target in our new era of geopolitical conflict. As…
Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
Palo Alto, California, September 18th, 2025, CyberNewsWire SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32…