State websites and phone lines were taken offline, but officials say emergency services and personal data remain unaffected. The post Nevada State Offices Closed Following Disruptive Cyberattack appeared first on SecurityWeek.
Competition among malware-as-a-service developers has transformed infostealers into refined, accessible tools for cybercriminals worldwide. The post Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime appeared first on SecurityWeek.
Zero-day exploited in the wild forces Citrix and CISA to push emergency patch deadlines for federal agencies. The post Citrix Patches Exploited NetScaler Zero-Day appeared first on SecurityWeek.
Proof-of-concept ransomware uses AI models to generate attack scripts in real time. The post PromptLock: First AI-Powered Ransomware Emerges appeared first on SecurityWeek.
Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don’t wantRead More »The 5 Golden Rules of Safe AI Adoption
Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.) It looks like an official document on company meeting policies. But inside the document,Read More »We Are Still Unable to Secure LLMs from Malicious Inputs
Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browsers, as well as user and web applications. Based on our analysis, threat actors continue to leverage vulnerabilities in real-world attacks as a meansRead More »Exploits and vulnerabilities in Q2 2025
A widespread data theft campaign has allowed hackers to breach sales automation platform Salesloft to steal OAuth and refresh tokens associated with the Drift artificial intelligence (AI) chat agent. The activity, assessed to be opportunistic in nature, has been attributed to a threat actor tracked by Google Threat Intelligence GroupRead More »Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
Cybersecurity researchers have discovered five distinct activity clusters linked to a persistent threat actor known as Blind Eagle between May 2024 and July 2025. These attacks, observed by Recorded Future Insikt Group, targeted various victims, but primarily within the Colombian government across local, municipal, and federal levels. The threat intelligenceRead More »Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra
Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The vulnerabilities in question are listed below – CVE-2025-7775 (CVSS score: 9.2) – Memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-ServiceRead More »Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775
