Cyber Security News


  • U.K. orders Apple to let it spy on users’ encrypted accounts

    February 7, 2025

    Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post. The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not ...

  • Cisco Releases Security Advisories for Multiple Products

    February 6, 2025

    Cisco has released nine security advisories addressing multiple vulnerabilities, including one critical and two high severity advisories affecting Cisco Identity Services Engine (ISE), Cisco NX-OS, Cisco Expressway, Cisco IOS, Cisco IOS XE, Cisco IOS XR, Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance. The critical vulnerability affects Cisco ISE and Cisco ISE ...

  • Engineer IMI becomes latest British firm to be hit by cyber attack

    February 6, 2025

    Engineering group IMI confirmed it had been hit by a cyber attack just a week after rival Smiths Group said hackers had gained access to its global systems. Birmingham-headquartered IMI declined to disclose what data had been accessed in the attack, but systems in a number of its locations globally are understood to have been hit. IMI ...

  • Google Lifts Self-Imposed Ban on Using AI for Weapons and Surveillance

    February 5, 2025

    Google dropped a pledge not to use artificial intelligence for weapons and surveillance systems on Tuesday. And it’s just the latest sign that Big Tech is no longer concerned with the potential blowback that can come when consumer-facing tech companies get big, lucrative contracts to develop police surveillance tools and weapons of war. Google came under ...

  • Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers

    February 5, 2025

    Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers. Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was being actively exploited. GreyNoise said the flaws allow attackers to execute arbitrary commands on affected devices, ...

  • Grubhub confirms data breach, both drivers and customers are affected

    February 4, 2025

    Grubhub, the food delivery service, has been hacked. On Monday, the company confirmed a data breach that affects both its drivers and customers. According to Grubhub, the malicious actor was able to gain entry into its systems via a third-party vendor that provides services for Grubhub’s support team. The hacker was able to access private information connected ...

  • Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst

    February 4, 2025

    ELF/Sshdinjector.A!tr is a collection of malware that can be injected into the SSH daemon. Samples of this malware collection surfaced around mid-November 2024. While Fortinet researchers have a good amount of threat intelligence on them (e.g., they are attributed to the DaggerFly espionage group and were used during the Lunar Peek campaign against network appliances), nobody ...

  • Spyware maker Paragon confirms US government is a customer

    February 4, 2025

    Israeli spyware maker Paragon Solutions confirmed to TechCrunch that it sells its products to the U.S. government and other unspecified allied countries. Paragon’s executive chairman John Fleming said in a statement to TechCrunch on Tuesday that “Paragon licenses its technology to a select group of global democracies — principally, the United States and its allies.” Fleming ...

  • Deloitte to provide Rhode Island $5 million toward data breach aftermath expense

    February 4, 2025

    Deloitte will provide Rhode Island with $5 million to go toward paying expenses related to the RIBridges data breach that took place in December of 2024. Separately, Deloitte will also cover the cost of the data breach call center, credit monitoring for affected Rhode Islanders and identity protection, according to a statement from Rhode Island Governor ...

  • CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

    February 4, 2025

    In September, 2024 the Zero Day Initiative (ZDI) Threat Hunting team identified the exploitation of a 7-Zip zero-day vulnerability used in a SmokeLoader malware campaign targeting Ukrainian entities. The vulnerability, CVE-2025-0411, was disclosed to 7-Zip creator Igor Pavlov, leading to the release of a patch in version 24.09 on November 30, 2024. CVE-2025-0411 allows the bypassing ...