Sorted by date:
Another cutting-edge tool from 2024 is Nebula, an open-source AI-powered penetration testing assistant. If PentestGPT is like an AI advisor, Nebula attempts to automate parts of the pentest process itself
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. [...]
A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions. The post Fresh Windows NTLM Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is. If this sounds familiar, you're not alone. Most security teams are already behind in detecting how AI tools are quietly reshaping their SaaS environments. And
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence," Cisco Talos researcher Joey Chen said in a Thursday analysis.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure
Noteworthy stories that might have slipped under the radar: 4chan hacked, auto-reboot security feature coming to Android, Iranian administrator of Nemesis charged in US. The post In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged appeared first on SecurityWeek.
Data protection firm Cy4Data Labs has raised $10 million in a Series A funding round led by Pelion Venture Partners. The post Cy4Data Labs Raises $10 Million to Secure Data in Use appeared first on SecurityWeek.
Legends International says the personal information of employees and customers was compromised as a result of a cyberattack. The post Events Giant Legends International Hacked appeared first on SecurityWeek.
Ahold Delhaize has confirmed that data was stolen from its systems in November 2024 after a ransomware group claimed the attack. The post Ahold Delhaize Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.