Aggregator

You must login to view this content

Intel has filed a federal lawsuit against a former employee accused of downloading thousands of classified documents shortly after being terminated, raising serious concerns about corporate data security and insider threats. Jinfeng Luo, a software developer who has worked at Intel since 2014, was based in Seattle when the company notified him of his pending […]

The post Fired Intel Engineer Stolen 18,000 Files, Many of which Were Classified as “Top Secret” appeared first on Cyber Security News.

The Cybersecurity and Information Sharing Act of 2015 would go from expired to extended through Jan. 30.

The post Cyber information sharing law would get extension under shutdown deal bill appeared first on CyberScoop.

Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before:

Almost all cloud services have to perform some computation on our data. Even the simplest storage provider has code to copy bytes from an internal storage system and deliver them to the user. End-to-end encryption is sufficient in such a narrow context. But often we want our cloud providers to be able to perform computation on our raw data: search, analysis, AI model training or fine-tuning, and more. Without expensive, esoteric techniques, such as secure multiparty computation protocols or homomorphic encryption techniques that can perform calculations on encrypted data, cloud servers require access to the unencrypted data to do anything useful...

The post New Attacks Against Secure Enclaves appeared first on Security Boulevard.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2025-21042 Samsung Mobile Devices Out-of-Bounds Write Vulnerability  

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Each day without reauthorization erodes the trust, coordination, and shared visibility that have underpinned the resilience of America’s most critical systems.

The post CISA’s expiration leaves a dangerous void in US cyber collaboration appeared first on CyberScoop.

Threat actors are systematically compromising Outlook and Google mailboxes with alarming success, leveraging sophisticated techniques that sidestep traditional email defenses entirely. According to VIPRE’s Q3 2025 Email Threat Report, over 90% of phishing attacks specifically target these two dominant email ecosystems, representing a calculated strategic shift by attackers seeking to maximize impact while minimizing operational […]

The post Threat Actors Attacking Outlook and Google Bypassing Traditional Email Defenses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The manufacturing sector faces an escalating threat landscape as cybercriminals increasingly exploit cloud-based platforms and artificial intelligence services to conduct sophisticated attacks. A comprehensive analysis by Netskope Threat Labs reveals that approximately 22 out of every 10,000 manufacturing users encounter malicious content monthly, marking a significant rise in targeted campaigns specifically designed to compromise industrial […]

The post New Report Warns of Threat Actors Actively Adopting AI Platforms to Attack Manufacturing Companies appeared first on Cyber Security News.