The company has notified its customers of the incident roughly a week after a threat actor claimed the theft of 77GB of data from Iberia’s systems. The post Spanish Airline Iberia Notifies Customers of Data Breach appeared first on SecurityWeek.
The International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back when “crypto” meant “cryptography”) and Eurocrypt since the 1980s—had to nullify an online election when trustee Moti Yung lost his decryption key. For this election and in accordance with the bylaws of the IACR,Read More »IACR Nullifies Election Because of Lost Decryption Key
Names, Social Security numbers, ID numbers, and health information were stolen from a compromised email account. The post 146,000 Impacted by Delta Dental of Virginia Data Breach appeared first on SecurityWeek.
New research from CrowdStrike has revealed that DeepSeek’s artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain topics deemed politically sensitive by China. “We found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihoodRead More »Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
More than 1.6 Tb of data allegedly stolen from Cox was made public by the hackers. The post Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims appeared first on SecurityWeek.
The FCC has chosen to end the telecommunications cyber rules enacted after the Salt Typhoon espionage campaign.
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. “The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “TheyRead More »ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time. “In the period from 2024 to 2025, the Russian IT sector, especially companies working asRead More »China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems,” Blackfog researcher Brenda RobbRead More »Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function thatRead More »CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
