61% of Organizations Experienced Insider Breaches
61% of organizations faced insider file breaches in the last two years.
How to Close the AI Governance Gap in Software Development
Widespread adoption of AI coding tools accelerates development—but also introduces critical vulnerabilities that demand stronger governance and oversight. The post How to Close the AI Governance Gap in Software Development appeared first on SecurityWeek.
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. “Available in both Python and C variants, CastleRAT’s core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell,” RecordedRead More »TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool
Called A2, the framework mimics human analysis to identify vulnerabilities in Android applications and then validates them. The post Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool appeared first on SecurityWeek.
FireCompass Raises $20 Million for Offensive Security Platform
The AI-powered automated penetration testing firm will invest the new funds in R&D, team expansion, and global scale. The post FireCompass Raises $20 Million for Offensive Security Platform appeared first on SecurityWeek.
In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked
Noteworthy stories that might have slipped under the radar: Google fined €325 million, City of Baltimore sent $1.5 million to scammer, Bridgestone targeted in cyberattack. The post In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked appeared first on SecurityWeek.
WhatsApp Flaw Added to CISA’s Known Exploited Vulnerabilities Catalog
CISA has announced the addition of two vulnerabilities to its Known Exploited Vulnerabilities catalog.
GPT-4o-mini Falls for Psychological Manipulation
Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024’s GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers created experimental prompts for both requests using each of seven different persuasionRead More »GPT-4o-mini Falls for Psychological Manipulation
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. “SAP S/4HANA allows an attacker with userRead More »SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks
The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure. The post North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks appeared first on SecurityWeek.