Vehicles Face 45% More Attacks, 4 Times More Hackers

Two kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025.

darkreading – ​Read More

Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy

With over 12,000 breaches analyzed, this year’s DBIR reveals a landscape shaped by not just individual threats, but by entire economies of compromise.

The post Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy appeared first on SecurityWeek.

SecurityWeek – ​Read More

Data breach at Connecticut’s Yale New Haven Health affects over 5 million

Yale New Haven Health is Connecticut’s largest healthcare provider.

Security News | TechCrunch – ​Read More

South Korean Companies Targeted by Lazarus via Watering Hole Attacks, Zero-Days

Multiple South Korean organizations across industries have been targeted in a recent Lazarus campaign dubbed Operation SyncHole.

The post South Korean Companies Targeted by Lazarus via Watering Hole Attacks, Zero-Days appeared first on SecurityWeek.

SecurityWeek – ​Read More

In Other News: Prison for Disney Hacker, MITRE ATT&CK v17, Massive DDoS Botnet

Noteworthy stories that might have slipped under the radar: former Disney employee sent to prison for hacking, MITRE releases ATT&CK v17, DDoS botnet powered by 1.3 million devices.

The post In Other News: Prison for Disney Hacker, MITRE ATT&CK v17, Massive DDoS Botnet appeared first on SecurityWeek.

SecurityWeek – ​Read More

How to prevent your streaming device from tracking your viewing habits (and why it makes a difference)

Your Fire Stick, Roku, and other streaming devices collect your personal data for various reasons. If you’re uncomfortable with that, here’s how to get peace of mind.

Latest stories for ZDNET in Security – ​Read More

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. 
“The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue,” ReliaQuest said in a report published this week.
The cybersecurity

The Hacker News – ​Read More

Why NHIs Are Security’s Most Dangerous Blind Spot

When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs). 
At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.

The Hacker News – ​Read More

RSA Conference 2025 – Pre-Event Announcements Summary (Part 2) 

Hundreds of companies are showcasing their products and services next week at the 2025 edition of the RSA Conference in San Francisco.

The post RSA Conference 2025 – Pre-Event Announcements Summary (Part 2)  appeared first on SecurityWeek.

SecurityWeek – ​Read More

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions.
The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below –

CVE-2025-27610 (CVSS score: 7.5) – A path traversal

The Hacker News – ​Read More