<p>Co-founded by former MITRE experts, the startup will use the funding to accelerate product innovation and fuel company growth.</p><p>The post <a href="https://www.securityweek.com/tidal-cyber-raises-10-million-for-cti-and-adversary-behavior-platform/">Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar."The two npm packages abused smart contracts to conceal malicious
With the continued success of North Korea's IT worker scams, Asia-Pacific nations are working with private firms to blunt the scheme's effectiveness.
The notorious Russian state-sponsored hacking unit, also known as Fancy Bear, is abusing Microsoft Outlook for covert data exfiltration.
It's the equivalent of watching more than 9,350 full-length HD movies or streaming 7,480 hours of high-def video nonstop in less than a minute.
<p>Flaw allows attackers to reset and hijack TP-Link TL-WA855RE devices; CISA urges users to retire discontinued extenders.</p><p>The post <a href="https://www.securityweek.com/us-cybersecurity-agency-flags-wi-fi-range-extender-vulnerability-under-active-attack/">US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Threat actors are using Grok, X's built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. [...]
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws.HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access
While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked.
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.The vulnerabilities are listed below -CVE-2025-38352 (CVSS score: 7.4) - A privilege escalation flaw in the Linux Kernel component CVE-2025-48543 (CVSS score: N/A) - A
An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice."Emails were sent to
The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. [...]
<p>Chrome's latest release addresses a high-severity use-after-free vulnerability in the V8 JavaScript engine that could be exploited for remote code execution.</p><p>The post <a href="https://www.securityweek.com/google-patches-high-severity-chrome-vulnerability-in-latest-update/">Google Patches High-Severity Chrome Vulnerability in Latest Update</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. [...]
The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children's geolocation data without their knowledge and parental consent. [...]
<p>Founded in 2022 to help organizations with the secure deployment of generative-AI utilities, Aim emerged from stealth in January 2024.</p><p>The post <a href="https://www.securityweek.com/cato-networks-acquires-ai-security-firm-aim-security/">Cato Networks Acquires AI Security Firm Aim Security</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
A "sophisticated" attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware.
Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps)."Over the past few weeks, we've autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps," the web infrastructure and security company said in a post on X. "
The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world's largest illegal live sports streaming network, and arrested two people allegedly associated with the operation. [...]