PromptLock is only a prototype of LLM-orchestrated ransomware, but hackers already use AI in file encryption and extortion attacks. The post PromptLock Only PoC, but AI-Powered Ransomware Is Real appeared first on SecurityWeek.
A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them. The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek.
The list of impacted cybersecurity firms has been expanded to include BeyondTrust, Bugcrowd, CyberArk, Cato Networks, JFrog, and Rubrik. The post Salesloft GitHub Account Compromised Months Before Salesforce Attack appeared first on SecurityWeek.
Researchers have discovered a sophisticated, convincing phishing campaign targeting PayPal users.
Just a few months after Elon Musk’s retreat from his unofficial role leading the Department of Government Efficiency (DOGE), we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Even so,Read More »AI in Government
The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack. The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek.
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing toRead More »⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More
When Attackers Get Hired: Today’s New Identity Crisis What if the star engineer you just hired isn’t actually an employee, but an attacker in disguise? This isn’t phishing; it’s infiltration by onboarding. Meet “Jordan from Colorado,” who has a strong resume, convincing references, a clean background check, even a digitalRead More »You Didn’t Get Phished — You Onboarded the Attacker
Canadian firm Wealthsimple says a data breach impacts the information of some customers, but accounts and funds remain secure. The post Fintech Firm Wealthsimple Says Supply Chain Attack Resulted in Data Breach appeared first on SecurityWeek.
Significant cybersecurity M&A deals announced by Accenture, CrowdStrike, F5, Okta, and SentinelOne. The post Cybersecurity M&A Roundup: 27 Deals Announced in August 2025 appeared first on SecurityWeek.
