PCA Cyber Security has discovered critical vulnerabilities in the BlueSDK Bluetooth stack that could have allowed remote code execution on car systems. The post Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack appeared first on SecurityWeek.
Attacks that leverage malicious open-source packages are becoming a major and growing threat. This type of attacks currently seems commonplace, with reports of infected packages in repositories like PyPI or npm appearing almost daily. It would seem that increased scrutiny from researchers on these repositories should have long ago minimizedRead More »Code highlighting with Cursor AI for $500,000
Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chatRead More »What Security Leaders Need to Know About AI Governance for SaaS
AI-made decisions are in many ways shaping and governing human lives. Companies have a moral, social, and fiduciary duty to responsibly lead its take-up. The post What Can Businesses Do About Ethical Dilemmas Posed by AI? appeared first on SecurityWeek.
Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the cross‑platform SSH client and server‑management toolRead More »New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App
Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The flaws, collectively called Transient Scheduler Attacks (TSA), manifest in the form of a speculative side channel in its CPUs that leverage execution timing of instructions underRead More »AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs
AI-powered MDR provider AirMDR has raised $15.5 million in funding (seed and infusion investment) to support its R&D efforts. The post AirMDR Raises $15.5 Million for MDR Solution appeared first on SecurityWeek.
A high-severity security flaw has been disclosed in ServiceNow’s platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform through conditional access control list (ACL) rules. It hasRead More »ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045,Read More »Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
A threat actor based in Pakistan (APT36) has engaged in a sophisticated cyber-espionage campaign.
