AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences. No question AI benefits users, but it also brings new security challenges, especially Identity-related security
Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability
Google has released a Chrome 133 update to address four high-severity vulnerabilities reported by external researchers.
The post Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability appeared first on SecurityWeek.
Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software
Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass.
The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.
“An authentication bypass in the Palo Alto Networks PAN-OS software enables an
The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.
“An authentication bypass in the Palo Alto Networks PAN-OS software enables an
FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts.
The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,
The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,
zkLend loses $9.5M in crypto heist, asks hacker to return 90%
Decentralized money lender zkLend suffered a breach where threat actors exploited a smart contract flaw to steal 3,600 Ethereum, worth $9.5 million at the time. […]
Surge in attacks exploiting old ThinkPHP and ownCloud flaws
Increased hacker activity has been observed in attempts to compromise poorly maintained devices that are vulnerable to older security issues from 2022 and 2023. […]
Italian Government Denies It spied on Journalists and Migrant Activists Using Paragon Spyware
The Italian government denied it hacked seven cellphones with military-grade surveillance technology from Paragon Solutions.
The post Italian Government Denies It spied on Journalists and Migrant Activists Using Paragon Spyware appeared first on SecurityWeek.
QuSecure Banks $28M Series A for Post-Quantum Cryptography Tech
QuSecure is pitching a software-based security architecture that overlays onto current networks to help businesses with PQC migration.
The post QuSecure Banks $28M Series A for Post-Quantum Cryptography Tech appeared first on SecurityWeek.
Sarcoma ransomware claims breach at giant PCB maker Unimicron
A relatively new ransomware operation named ‘Sarcoma’ has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. […]
DPRK hackers dupe targets into typing PowerShell commands as admin
North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic inspired from the now widespread ClickFix campaigns. […]