SecureWorld News

FEBRUARY 26, 2025

On February 21, 2025, the cryptocurrency world was rocked by the largest crypto heist in history. Dubai-based exchange Bybit was targeted in a malware-driven attack that resulted in the theft of approximately $1.46 billion in crypto assets. With investigators rapidly tracing the digital breadcrumbs, several experts have now pointed to North Korea's notorious Lazarus Group as the likely culprit behind the audacious breach.

Hacking 95

Hacking Cryptocurrency Cyber threats Malware 95

Security Affairs

FEBRUARY 26, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Partner Center and Synacor Zimbra Collaboration Suitevulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 101

Authentication Hacking Risk Cybersecurity 101

Krebs on Security

FEBRUARY 26, 2025

A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.

Hacking 283

Hacking Government Identity Theft Accountability 283

Schneier on Security

FEBRUARY 26, 2025

Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyone’s cyber-risk in an already dangerous world.

Computers and Electronics 274

Computers and Electronics Encryption Government Engineering 274

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. The research found a sharp rise in mobile phishing attacks, with cybercriminals moving away from traditional email scams in favor of SMS-based attacks.

Phishing 69

Phishing Mobile Social Engineering Data breaches 69

Security Affairs

FEBRUARY 26, 2025

Researchers found an updated LightSpy spyware with enhanced data collection features targeting social media platforms like Facebook and Instagram. Cybersecurity researchers at Hunt.io have found an updated version of the LightSpy spyware that supports an expanded set of data collection features to target social media platforms like Facebook and Instagram.

Data collection 103

Data collection Spyware Media Surveillance 103

Security Affairs

FEBRUARY 26, 2025

A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader. The campaign has been active since late 2024, threat actors used weaponized Microsoft Excel documents as lures.

Government 67

Government Cyber threats Phishing Malware 67

SecureList

FEBRUARY 26, 2025

Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. Among notable techniques in Q4, attackers leveraged undocumented RPC interfaces and targeted the Windows authentication mechanism.

Software 58

Software Authentication System Administration Malware 58

Malwarebytes

FEBRUARY 26, 2025

Last week it was reported that alawsuit has been initiated against gaming giant Roblox and leading messaging platform Discord. The court actioncharging them with thefacilitation of child predators and misleading parents into believing the platforms are safe to use for their childrencenters around a 13-year-old plaintiff who was targeted by a predator on these platforms.

Risk 136

Risk Cybersecurity 136

Penetration Testing

FEBRUARY 26, 2025

A new and highly sophisticated threat actor, LARVA-208, also known as EncryptHub, has been launching targeted spear-phishing attacks The post EncryptHub Exposed: 600+ Targets Hit by LARVA-208 appeared first on Cybersecurity News.

Phishing 67

Phishing Cybersecurity Ransomware 67

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Malwarebytes

FEBRUARY 26, 2025

Sometimes the updates we install to keep our devices safe do a little bit more than we might suspect at first glance. Take the October 2024 Android Security Bulletin. It included a new service called Android System SafetyCore. If you can find a mention of that in the security bulletin, youre a better reader then I am. It wasnt until a few weeks later, when a Google security blog titled 5 new protections on Google Messages to help keep you safe revealed that one of the new protections was designe

Artificial Intelligence 134

Artificial Intelligence Encryption Manufacturing Risk 134

eSecurity Planet

FEBRUARY 26, 2025

Our cybersecurity expert discusses why officials are warning that unencrypted messaging apps are vulnerable to hacking, surveillance and cyberattacks. Explore the risks of popular apps and why switching to encrypted alternatives is crucial. Take control of your data and protect your privacy before its too late! The post US Officials Recommend Using Encrypted Apps for Messaging appeared first on eSecurity Planet.

Encryption 101

Encryption Surveillance Hacking Risk 101

Security Boulevard

FEBRUARY 26, 2025

Lock Out Hackers: Why Every School Needs Strong Passwords We recently hosted a live webinar to help kick off 2025, encouraging you to strengthen your school districts cybersecurity and online safety systems. This webinar featured two expert K-12 guest panelists: Skip Cooley, Director of Technology at Clinton School District, and Tyler Derickson, Cybersecurity & Systems.

Passwords 57

Passwords Technology Cybersecurity Education 57

Tech Republic Security

FEBRUARY 26, 2025

Ransomware groups now steal, encrypt, and threaten to leak company data on the dark web, forcing victims to pay or risk exposing sensitive information.

Ransomware 197

Ransomware Encryption Risk Artificial Intelligence 197

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Hacker News

FEBRUARY 26, 2025

Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42.

Malware 132

Malware Government 132

Tech Republic Security

FEBRUARY 26, 2025

SonicWalls 2025 Annual Threat Report noted the U.S. healthcare sector and Latin America were targeted by cybercriminals.

Healthcare 123

Healthcare Threat Reports Artificial Intelligence Ransomware 123

The Hacker News

FEBRUARY 26, 2025

More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members.

Ransomware 117

Ransomware 117

Zero Day

FEBRUARY 26, 2025

Amazon's AI-powered Alexa Plus won't be available for all Echo devices when the enhanced virtual assistant begins rolling out in the coming weeks.

114

114

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

The Hacker News

FEBRUARY 26, 2025

The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus.

Hacking 114

Hacking Cryptocurrency 114

Zero Day

FEBRUARY 26, 2025

By leveraging the power of Rust, ExpressVPN is setting a new standard for speed, security, and adaptability in VPN protocols.

VPN 114

VPN 114

The Hacker News

FEBRUARY 26, 2025

Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods.

Passwords 105

Passwords 105

Zero Day

FEBRUARY 26, 2025

Amazon held its Devices and Services event today, during which it made some major announcements. Here's what you can expect from the new Alexa+.

114

114

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

FEBRUARY 26, 2025

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale.

104

104

Zero Day

FEBRUARY 26, 2025

The clock is ticking for Kindle users. After February 2025, a long-standing feature disappears. Here's why it matters.

111

111

The Hacker News

FEBRUARY 26, 2025

Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, its clear this isnt just a human problemits a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution.

Cyber Attacks 101

Cyber Attacks 101

Zero Day

FEBRUARY 26, 2025

Thanks to Samsung's sweet trade-in offers, you can declutter your tech drawer and upgrade to the latest Samsung health wearable -- the Galaxy Ring.

111

111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

FEBRUARY 26, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat (aka DarkCrystal RAT). The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025.

Cybersecurity 95

Cybersecurity 95

Zero Day

FEBRUARY 26, 2025

Apple left MagSafe out of its latest budget handset, but you can still add it with these simple solutions.

111

111

GlobalSign

FEBRUARY 26, 2025

The GlobalSign blog is the top resource to see what's trending in public key infrastructure (PKI), SSL/TSL, digital signing solutions, cybersecurity & more!

Cybersecurity 95

Cybersecurity 95

Zero Day

FEBRUARY 26, 2025

It's one of the simplest ways to remove your personal information online.

104

104

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!