DaVita has notified over 1 million individuals that their personal and health information was stolen in a ransomware attack. The post Over 1 Million Impacted by DaVita Data Breach appeared first on SecurityWeek.
On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizensRead More »Who Got Arrested in the Raid on the XSS Crime Forum?
ReVault vulnerabilities in the ControlVault3 firmware in Dell laptops could lead to firmware modifications or Windows login bypass. The post Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass appeared first on SecurityWeek.
As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that aRead More »AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals
Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system “automatesRead More »Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools
Introduction In a recent incident response case in Brazil, we spotted intriguing new antivirus (AV) killer software that has been circulating in the wild since at least October 2024. This malicious artifact abuses the ThrottleStop.sys driver, delivered together with the malware, to terminate numerous antivirus processes and lower the system’sRead More »Driver of destruction: How a legitimate driver is being used to take down AV processes
Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 2) appeared first on SecurityWeek.
Adobe has released urgent security updates to resolve two AEM Forms vulnerabilities for which proof-of-concept (PoC) code exists. The post Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC appeared first on SecurityWeek.
Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have been described as management console command injection and remoteRead More »Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country. The attacks, which leverage phishing emails as an initial compromise vector, are used toRead More »CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures
