Geolocation is the invisible attack vector. From Stuxnet to today’s APTs, malware now lies dormant until it hits the right place—turning location data into a weapon. Acronis’ TRU explains why defenses must evolve beyond VPNs and perimeter controls. […]
Cato Networks Acquires AI Security Firm Aim Security
Founded in 2022 to help organizations with the secure deployment of generative-AI utilities, Aim emerged from stealth in January 2024.
The post Cato Networks Acquires AI Security Firm Aim Security appeared first on SecurityWeek.
Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws.
HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,
HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting,
Hacker Conversations: McKenzie Wark, Author of A Hacker Manifesto
Known for her seminal book, A Hacker Manifesto, Wark reframes hacking as a cultural force rooted in play, creativity, and human nature.
The post Hacker Conversations: McKenzie Wark, Author of A Hacker Manifesto appeared first on SecurityWeek.
CISA, NSA and 19 International Partners Release Shared Vision of Software Bill of Materials for Cybersecurity Guide
CISA, NSA, and 19 international partners release a shared vision of Software Bill of Materials (SBOM) highlighting the importance of SBOM in securing global supply chains & enhancing software resilience worldwide.
Detecting Data Leaks Before Disaster
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk.
According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access
According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access
Pennsylvania Attorney General Confirms Ransomware Behind Weeks-Long Outage
Attack disrupted email, phones, and websites for weeks, but officials say no ransom was paid.
The post Pennsylvania Attorney General Confirms Ransomware Behind Weeks-Long Outage appeared first on SecurityWeek.
Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.
The vulnerabilities are listed below –
The vulnerabilities are listed below –
CVE-2025-38352 (CVSS score: 7.4) – A privilege escalation flaw in the Linux Kernel component
CVE-2025-48543 (CVSS score: N/A) – A
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats
An Iran-nexus group has been linked to a “coordinated” and “multi-wave” spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.
The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice.
“Emails were sent to
The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice.
“Emails were sent to
Jaguar Land Rover Operations ‘Severely Disrupted’ by Cyberattack
British automobile manufacturer Jaguar Land Rover (JLR) is scrambling to restore applications and operations that were impacted by a cyberattack. In a brief notice on Tuesday, the company said it disconnected its systems, which severely impacted both retail and manufacturing operations. “JLR has been impacted by a cyber incident. We took immediate action to mitigate […]
The post Jaguar Land Rover Operations ‘Severely Disrupted’ by Cyberattack appeared first on SecurityWeek.