Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York for $2 million, trojanized RAT builder targets script kiddies.
The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to North Korea.
CISA has added the jQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog.
Four decades of student and educator information was stolen from PowerSchool – tens of millions are potentially affected.
Business resilience must be the ultimate purpose of all the security controls and processes we employ, because we will never conclusively defeat or protect ourselves from social engineering.
Pwn2Own Automotive 2025 has come to an end and participants have earned a total of $886,000 for exploits targeting EV chargers and infotainment systems.
Eclypsium warns that Palo Alto Networks firewalls are impacted by BIOS and bootloader flaws, but the vendor says users should not be concerned.
Conduent has confirmed suffering disruptions due to a cyberattack after government agencies reported service outages.
The continuing advance of AI brings ever closer the likelihood of effective new malware, targeted at specific vulnerabilities and produced automatically in hours rather than days or weeks.
Security data pipeline management startup Axoflow has raised $7 million in a seed funding round led by EBRD Venture Capital.
A malicious campaign has been redirecting macOS users to a fake Homebrew website, infecting them with information stealer malware.
Hackers earned more than $700,000 on the first two days of Pwn2Own Automotive 2025 for EV charger and infotainment exploits.
Cisco has released patches for three vulnerabilities, including a critical privilege escalation bug and a DoS flaw for which exploit code exists.
SonicWall has credited Microsoft for reporting CVE-2025-23006, a critical remote command execution vulnerability possibly exploited in the wild.
NCC Group saw over 570 ransomware attacks in December 2024, the highest number since it started monitoring them in 2021.
The US government shared exploit chains, IOCs and post-incident forensics data to help network defenders hunt for signs of Chinese hacking gangs.
The Trump administration has disbanded the Cyber Safety Review Board (CSRB), ending one of the few bright spots at CISA.
DryRun Security has raised $8.7 million in a seed funding round for its AI-powered application security solutions.
Doti's platform uses AI to improve, automate, and streamline standard office and business processes across distributed and hybrid environments.