SecurityHungry.com - Cybersecurity News and Updates
Browser Security Firm SquareX Raises $20 Million
<p>SquareX offers what it has dubbed a “Browser Detection and Response (BDR)” solution.</p><p>The post <a href="https://www.securityweek.com/browser-security-firm-squarex-raises-20-million/">Browser Security Firm SquareX Raises $20 Million</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process."In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread
Mobile Applications: A Cesspool of Security Issues
An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?
Windows 11's Recall AI is now rolling out on Copilot+ PCs
Microsoft has confirmed that Windows Recall is rolling out to everyone with Windows 11 KB5055627 on Copilot+ PCs. [...]
Windows 11 KB5055627 update released with 30 new changes, fixes
Microsoft has released the KB5055627 preview cumulative update for Windows 11 24H2 with many new features gradually rolling out, and some new bug fixes for everyone. [...]
New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week.The cybersecurity
Why NHIs Are Security's Most Dangerous Blind Spot
When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs). At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.
Craft CMS RCE exploit chain used in zero-day attacks to steal data
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]
Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions.The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below -CVE-2025-27610 (CVSS score: 7.5) - A path traversal
DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS).The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma
Former Google Cloud CISO Phil Venables Joins Ballistic Ventures
<p>Venables has served as CISO and security executive across several large organizations, including Google Cloud, Goldman Sachs, Deutsche Bank.</p><p>The post <a href="https://www.securityweek.com/former-google-cloud-ciso-phil-venables-joins-ballistic-ventures/">Former Google Cloud CISO Phil Venables Joins Ballistic Ventures</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
How Organizations Can Leverage Cyber Insurance Effectively
By focusing on prevention, education, and risk transfer through insurance, organizations — especially SMEs — can protect themselves from the rapidly escalating threats of cyberattacks.
Lattica Emerges From Stealth With FHE Platform for AI
<p>Lattica has raised $3.25 million in pre-seed funding for a platform that uses FHE to enable AI models to process encrypted data. </p><p>The post <a href="https://www.securityweek.com/lattica-emerges-from-stealth-with-fhe-platform-for-ai/">Lattica Emerges From Stealth With FHE Platform for AI</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat
<p>Mandiant’s latest threat report shows how attackers adapt faster than defenses, shifting strategies toward credential theft and insider threats.</p><p>The post <a href="https://www.securityweek.com/m-trends-2025-state-sponsored-it-workers-emerge-as-new-global-threat/">M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Vehicles Face 45% More Attacks, 4 Times More Hackers
Two kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025.
Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy
<p>With over 12,000 breaches analyzed, this year’s DBIR reveals a landscape shaped by not just individual threats, but by entire economies of compromise.</p><p>The post <a href="https://www.securityweek.com/inside-the-verizon-2025-dbir-five-trends-that-signal-a-shift-in-the-cyber-threat-economy/">Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Phishing Kit Darcula Gets Lethal AI Upgrade
Recently added artificial intelligence capabilities on the Chinese-language Darcula phishing-as-a-service platform make phishing attacks easy for even the least technical hackers.
Scamnetic Raises $13 Million to Prevent Scams in Real Time
<p>AI-powered threat protection startup Scamnetic has raised $13 million in a Series A funding round led by Roo Capital.</p><p>The post <a href="https://www.securityweek.com/scamnetic-raises-13-million-to-prevent-scams-in-real-time/">Scamnetic Raises $13 Million to Prevent Scams in Real Time</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
Manifest Raises $15 Million for SBOM Management Platform
<p>Software and AI supply chain transparency firm Manifest has raised $15 million in a Series A funding round led by Ensemble VC.</p><p>The post <a href="https://www.securityweek.com/manifest-raises-15-million-for-sbom-management-platform/">Manifest Raises $15 Million for SBOM Management Platform</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>
In Other News: Prison for Disney Hacker, MITRE ATT&CK v17, Massive DDoS Botnet
<p>Noteworthy stories that might have slipped under the radar: former Disney employee sent to prison for hacking, MITRE releases ATT&CK v17, DDoS botnet powered by 1.3 million devices.</p><p>The post <a href="https://www.securityweek.com/in-other-news-prison-for-disney-hacker-mitre-attck-v17-massive-ddos-botnet/">In Other News: Prison for Disney Hacker, MITRE ATT&CK v17, Massive DDoS Botnet</a> appeared first on <a href="https://www.securityweek.com">SecurityWeek</a>.</p>