Hill ASC Inc.’s $14.75 million settlement with the U.S. Department of Justice closes a five-year saga in which the Rockville-based contractor allegedly billed agencies for “highly adaptive” cybersecurity support it was never qualified to deliver. Investigators say Hill’s pitch hinged…
Tag: EN
Security shop Adarma ceases trading, confirms it will enter administration
Former staffers of struggling UK biz say they don’t expect to be paid for July UK cybersecurity shop Adarma has confirmed it has entered administration.… This article has been indexed from The Register – Security Read the original article: Security…
Former US Soldier Who Hacked AT&T and Verizon Pleads Guilty
Cameron John Wagenius pleaded guilty to charges related to hacking into US telecommunications companies. The post Former US Soldier Who Hacked AT&T and Verizon Pleads Guilty appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Co-op Aims to Divert More Young Hackers into Cyber Careers
The Co-op is teaming up with The Hacking Games to inspire pathways into ethical cybersecurity careers This article has been indexed from www.infosecurity-magazine.com Read the original article: Co-op Aims to Divert More Young Hackers into Cyber Careers
IoT Security Firm Exein Raises $81 Million
Italian company Exein has raised €70 million (~$81 million) in a Series C funding round led by Balderton. The post IoT Security Firm Exein Raises $81 Million appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act
Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2),…
Chinese engineers at Pentagon, HazyBeacon malware, MITRE framework: AADAPT
Pentagon welcomes Chinese engineers into its environment HazyBeacon: It’s not a beer, but it leaves a bitter aftertaste What the world needs now is another framework Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust…
Former U.S. Army Member Pleads Guilty in Telecom Hacking Case
A 21-year-old former U.S. Army soldier has pleaded guilty to participating in a sophisticated cybercrime operation that targeted telecommunications companies through hacking, data theft, and extortion schemes. Cameron John Wagenius, who was stationed in Texas during his military service, admitted…
Octalyn Stealer Steals VPN Configurations, Passwords and Cookies in Structured Folders
A sophisticated new credential stealer disguised as a legitimate forensic toolkit has emerged on GitHub, targeting sensitive user data including VPN configurations, browser credentials, and cryptocurrency wallet information. The Octalyn Stealer, first identified in July 2025, presents itself as an…
VMware ESXi and Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host
Multiple severe vulnerabilities have been addressed affecting VMware ESXi, Workstation, Fusion, and Tools that could allow attackers to execute malicious code on host systems. The vulnerabilities, identified as CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, and CVE-2025-41239, carry CVSS scores ranging from 6.2 to…
Iranian Threat Actors Attacking U.S. Critical Infrastructure Including Water Systems
Iranian cyber operatives have intensified their assault on American critical infrastructure, with Intelligence Group 13 emerging as a primary threat actor targeting water treatment facilities, electrical grids, and industrial control systems across the United States. The group, operating under the…
Chrome Update Patches Fifth Zero-Day of 2025
Google has released a Chrome 138 security update that patches a zero-day, the fifth resolved in the browser this year. The post Chrome Update Patches Fifth Zero-Day of 2025 appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Cybersecurity Today: GPU Vulnerabilities, Microsoft’s Security Overhaul, and Major Flaws in Automotive Bluetooth
In this episode hosted by Jim Love, ‘Cybersecurity Today’ celebrates its recognition as number 10 on the Feed Spot list of Canadian News Podcasts and approaches a milestone of 10 million downloads. Key topics include new research identifying Nvidia GPUs…
Meme Crimes – Can You Conspire By Meme?
Can a person be convicted of a federal conspiracy solely by posting misleading political memes online, without ever having communicated or knowingly coordinated with their alleged co-conspirators? The post Meme Crimes – Can You Conspire By Meme? appeared first on…
Node.js Vulnerabilities Leave Windows Apps Vulnerable to Path Traversal and HashDoS
The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities that pose significant risks to Windows applications and could enable denial-of-service attacks. The vulnerabilities, identified as CVE-2025-27210 and CVE-2025-27209, affect active Node.js release…
Google Chrome 0-Day Vulnerability Under Active Exploitation
Google has released an emergency security update for Chrome 138 to address a critical zero-day vulnerability that is actively being exploited in the wild. The vulnerability, tracked as CVE-2025-6558, affects the browser’s ANGLE and GPU components and has prompted immediate…
VMware ESXi and Workstation Vulnerabilities Allow Host-Level Code Execution
Broadcom disclosed four critical vulnerabilities in VMware’s virtualization suite on July 15, 2025, enabling attackers to escape virtual machines and execute code directly on host systems. The flaws, discovered through the Pwn2Own competition, affect ESXi, Workstation, Fusion, and VMware Tools…
BaitTrap – 17,000+ Fake News Websites Caught Promoting Investment Frauds
A massive network of fraudulent news websites has been uncovered, with cybersecurity researchers identifying over 17,000 Baiting News Sites (BNS) across 50 countries orchestrating sophisticated investment fraud schemes. These malicious platforms masquerade as legitimate news outlets, publishing fabricated stories featuring…
North Korean Hackers Weaponized 67 Malicious npm Packages to Deliver XORIndex Malware
North Korean threat actors have escalated their software supply chain attacks with the deployment of 67 malicious npm packages that collectively garnered over 17,000 downloads before detection. This latest campaign represents a significant expansion of the ongoing “Contagious Interview” operation,…
Real-world numbers for estimating security audit costs
At the end of Star Wars: A New Hope, Luke Skywalker races through the Death Star trench, hearing the ghostly voice of Obi-Wan Kenobi telling him to trust him. Luke places blind trust in an intangible energy that surrounds him,…