Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Drivers core; - Ext4 file system; - JFS file system; - Network namespace; - CAIF protocol; - Networking core; - IPv6 networking; (CVE-2024-56658, CVE-2021-47119, CVE-2024-56600, CVE-2021-47122, CVE-2021-47483, CVE-2024-56595)  ( 4 min )

Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded xz decoder. If a user or automated system were tricked into processing an xz file, a remote attacker could use this issue to cause XZ Utils to crash, resulting in a denial of service, or possibly execute arbitrary code.  ( 4 min )

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21400) Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CV…  ( 8 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Network namespace; - Networking core; (CVE-2024-26928, CVE-2024-56658, CVE-2024-35864, CVE-2024-57798)  ( 4 min )

It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were tricked into importing a specially crafted key, a remote attacker may prevent users from importing other keys in the future.  ( 4 min )

It was discovered that OpenVPN incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service.  ( 4 min )

Overview PyTorch Lightning versions 2.4.0 and earlier do not use any verification mechanisms to ensure that model files are safe to load before loading them. Users of PyTorch Lightning should use caution when loading models from unknown or unmanaged sources. Description PyTorch Lightning, a high-level framework built on top of PyTorch, is designed to streamline deep learning model training, scaling, and deployment. PyTorch Lightning is widely used in AI research and production environments, often integrating with various cloud and distributed computing platforms to manage large-scale machine learning workloads. PyTorch Lightning contains multiple vulnerabilities related to the deserialization of untrusted data (CWE-502). These vulnerabilities arise from the unsafe use of torch.load(), which is used to deserialize model checkpoints, configurations, and sometimes metadata. While torch.load() provides an optional weights_only=True parameter to mitigate the risks of loading arbitrary code, PyTorch Lightning does not require or enforce this safeguard as a principal security requirement for the product. Kasimir Schulz of HiddenLayer identified and reported the following five vulnerabilities: The DeepSpeed integration in PyTorch Lightning loads optimizer states and model checkpoints without enforcing safe deserialization practices. It does not validate the integrity or origin of serialized data before passing it to torch.load(), allowing deserialization of arbitrary objects. The PickleSerializer class directly utilizes Python’s pickle module to handle data serialization and deserialization. Since pickle inherently allows execution of embedded code during deserialization, any untrusted or manipulated input processed by this class can introduce security risks. The _load_distributed_checkpoint component is responsible for handling distributed training checkpoints. It processes model state data across multiple nodes, but it does not include safeguards to verify or restrict the content being deserialized. The _lazy_load function is designed to defer loading of model components for efficiency. However, it does not enforce security controls on the serialized input, allowing for the potential deserialization of unverified objects. The Cloud_IO module facilitates storage and retrieval of model files from local and remote sources. It provides multiple deserialization pathways, such as handling files from disk, from remote servers, and from in-memory byte streams, without applying constraints on how the serialized data is interpreted. Impact A user could unknowingly load a malicious file from local or remote locations containing embedded code that executes within the system’s context, potentially leading to full system compromise. Solution To reduce the risk of deserialization-based vulnerabilities in PyTorch Lightning, users and organizations can implement the following mitigations at the system and operational levels: Verify that files to be loaded are from trusted sources and with valid signatures; Use Sandbox environments to prevent abuse of arbitrary commands when untrusted models or files are being used or tested; Perform static and dynamic analysis of files to be loaded to verify that the ensuing operations will remain restricted to the data processing needs of the environment; Disable unnecessary deserialization features by ensuring that torch.load() is always used with weights_only = True when the files to be loaded are model weights. We have not received a statement from Lightning AI at this time. Please check the Vendor Information section for updates as they become available. Acknowledgements Thanks to the reporter, Kasimir Schulz [kschulz@hiddenlayer.com] from HiddenLayer. Thanks to Matt Churilla for verifying the vulnerabilities. This document was written by Renae Metcalf, Vijay Sarvepalli, and Eric Hatleback.  ( 3 min )

The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution.

CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that's currently under attack.

The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones.

Co-founders Michael Sutton and David Endler raised $32 million to invest in early stage cybersecurity startups as well as to provide mentoring support.

Polices that forbid employees from divulging company details are worthless if the same information can be obtained from sources employees have no control over.

With an increase in cyber-physical attacks that can cause significant disruptions, financial fallout and safety concerns for victim organizations, IT and OT security teams cannot keep working in silos.

Google addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced "QuickShell" silent RCE attack chain against Windows users.

While Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication.

Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a report shared with The

The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by

The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here's the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind. But you’re not alone—and

AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security

Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target's device without their approval. The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings that were originally disclosed by

Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. "More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025.  Triada is the

Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect," Jscrambler researchers Pedro

In one of the largest coordinated law enforcement operations, authorities have dismantled Kidflix, a streaming platform that offered child sexual abuse material (CSAM). "A total of 1.8 million users worldwide logged on to the platform between April 2022 and March 2025," Europol said in a statement. "On March 11, 2025, the server, which contained around 72,000 videos at the time, was seized by

Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits. The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances  appeared first on SecurityWeek.

An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data. The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek.

The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion. The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek.

Less than two dozen cybersecurity merger and acquisition (M&A) deals were announced in March 2025. The post Cybersecurity M&A Roundup: 23 Deals Announced in March 2025 appeared first on SecurityWeek.

GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected. The post 39 Million Secrets Leaked on GitHub in 2024 appeared first on SecurityWeek.

Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’. The post Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy appeared first on SecurityWeek.

Cisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email. The post Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks appeared first on SecurityWeek.

Google’s patches for Quick Share for Windows vulnerabilities leading to remote code execution were incomplete and could be easily bypassed. The post Google Released Second Fix for Quick Share Flaws After Patch Bypass appeared first on SecurityWeek.

CISA released five Industrial Control Systems (ICS) advisories on April 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-093-01 Hitachi Energy RTU500 Series ICSA-25-093-02 Hitachi Energy TRMTracker ICSA-25-093-03 ABB ACS880 Drives Containing CODESYS RTS ICSA-25-093-04 ABB Low Voltage DC Drives and Power Controllers CODESYS RTS ICSA-25-093-05 B&R APROL CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  ( 2 min )

Today, CISA—in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ)—released joint Cybersecurity Advisory Fast Flux: A National Security Threat (PDF, 841 KB). This advisory warns organizations, internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled malicious activities and provides guidance on detection and mitigations to safeguard critical infrastructure and national security. “Fast flux” is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain Name System (DNS) records associated with a single domain name. This threat exploits a gap commonly found in network defenses, making the tracking and blocking of malicious fast flux activities difficult. The authoring agencies strongly recommend adopting a multi-layered approach to detection and mitigation to reduce risk of compromise by fast flux-enabled threats. Service providers, especially Protective DNS providers (PDNS), should track, share information about, and block fast flux as part of their provided cybersecurity services. Government and critical infrastructure organizations should close this ongoing gap in network defenses by using cybersecurity and PDNS services that block malicious fast flux activity. For more information on PDNS services, see Selecting a Protective DNS Service.  ( 2 min )

If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems and artificial intelligent agents, integrity will be paramount. What is data integrity? It’s ensuring that no one can modify data—that’s the security angle—but it’s much more than that. It encompasses accuracy, completeness, and quality of data—all over both time and space. It’s preventing accidental data loss; the “undo” button is a primitive integrity measure. It’s also making sure that data is accurate when it’s collected—that it comes from a trustworthy source, that nothing important is missing, and that it doesn’t change as it moves from format to format. The ability to restart your computer is another integrity measure...  ( 12 min )

By using fake references and building connections with recruiters, some North Korean nationals are landing six-figure jobs that replenish DPRK coffers.

The IT service management and observability tools company acquired Squadcast last month and is adding the automated incident response platform to the SolarWinds portfolio.

While the House Committee on Government Reform was looking for retaliatory options, cybersecurity experts pointed them toward building better defenses.

Merchants and retailers will now face penalties for not being compliant with PCI DSS 4.0.1, and the increased security standards make it clear they cannot transfer compliance responsibility to third-party service providers.

The US military and law enforcement learned to outthink insurgents. It's time for cybersecurity to learn to outsmart and outmaneuver threat actors with the same framework.

Attackers target a familiar industry, law professionals, by hiding the infostealer in ads delivered via Google-based malvertising.

Transportation facilities and networks slowly adapt to changes and threats, leaving them vulnerable to agile cyberattackers, as demonstrated by the $10 million ransomware attack.

It was discovered that ruby-saml did not correctly handle XML parsing. An attacker could possibly use this issue to perform a signature wrapping attack and bypass authentication. (CVE-2025-25291 and CVE-2025-25292) It was discovered that ruby-saml did not correctly handle decompressing SAML responses. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-25293)  ( 4 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Network namespace; - Networking core; (CVE-2024-56658, CVE-2024-35864, CVE-2024-26928)  ( 4 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; - Network namespace; - Networking core; (CVE-2024-56658, CVE-2024-35864, CVE-2024-26928)  ( 4 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Network namespace; - Networking core; (CVE-2024-26928, CVE-2024-56658, CVE-2024-35864, CVE-2024-57798)  ( 4 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Network namespace; - Networking core; (CVE-2024-26928, CVE-2024-56658, CVE-2024-35864, CVE-2024-57798)  ( 4 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Network namespace; - Networking core; (CVE-2024-26928, CVE-2024-56658, CVE-2024-35864, CVE-2024-57798)  ( 5 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - ARM SCPI message protocol; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - I3C subsystem; - IIO ADC …  ( 7 min )

It was discovered that InspIRCd did not correctly handle certificate fingerprints, which could lead to spoofing. A remote attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7142) It was discovered that InspIRCd did not correctly handle certain memory operations, which could lead to a NULL pointer dereference. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-20917) It was discovered that InspIRCd did not correctly handle certain memory operations, which could lead to a use-after-free. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-25269)  ( 4 min )

It was discovered that phpseclib did not correctly handle RSA PKCS#1 v1.5 signature verification. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-30130) It was discovered that phpseclib did not correctly handle certain characters in certain TLS fields, which could lead to name confusion. An attacker could possibly use this issue to bypass authentication. (CVE-2023-52892) It was discovered that phpseclib incorrectly limited the size of prime numbers generated by isPrime. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-27354) It was discovered that phpseclib did not correctly handle processing the ASN.1 object identifier of a certificate. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-27355)  ( 4 min )

Adaptive is pitching a security platform designed to replicate real-world attack scenarios through AI-generated deepfake simulations.  The post Serial Entrepreneurs Raise $43M to Counter AI Deepfakes, Social Engineering appeared first on SecurityWeek.

Vulnerabilities in open source ChatGPT alternative Jan AI expose systems to remote, unauthenticated manipulation. The post Vulnerabilities Expose Jan AI Systems to Remote Manipulation appeared first on SecurityWeek.

Cyberhaven bags $100 million in funding at a billion-dollar valuation, a sign that investors remain bullish on data security startups. The post Cyberhaven Banks $100 Million in Series D, Valuation Hits $1 Billion appeared first on SecurityWeek.

The rise of zero-knowledge threat actors powered by AI marks a turning point in the business of cybercrime where sophisticated attacks are no longer confined to skilled attackers. The post AI Giving Rise of the ‘Zero-Knowledge’ Threat Actor appeared first on SecurityWeek.

DeepMind found that current AI frameworks are ad hoc, not systematic, and fail to provide defenders with useful insights. The post Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses appeared first on SecurityWeek.

The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk—using fake identities, remote access, and extortion to compromise organizations. The post North Korea’s IT Operatives Are Exploiting Remote Work Globally appeared first on SecurityWeek.

Google has patched a Cloud Run vulnerability dubbed ImageRunner that could have been exploited to gain access to sensitive data. The post ImageRunner Flaw Exposed Sensitive Information in Google Cloud appeared first on SecurityWeek.

North Korea’s Lazarus hackers are using the ClickFix technique for malware deployment in fresh attacks targeting the cryptocurrency ecosystem. The post Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks appeared first on SecurityWeek.

DrayTek has shared some clarifications regarding the recent attacks causing router reboots, but some questions remain unanswered.  The post Questions Remain Over Attacks Causing DrayTek Router Reboots appeared first on SecurityWeek.

Gmail now allows enterprise users to send end-to-end encrypted emails to colleagues, and will soon allow sending to any inbox. The post Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users appeared first on SecurityWeek.

Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact

Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices. For service providers, adhering to NIST

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis

When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited.  This highlights how important your SSL configurations are in maintaining your web application security and

The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine," Swiss

Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls)," Zscaler ThreatLabz researcher Muhammed Irfan V A said in

John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security“: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman [Wal12], the term refers to something people treat as though it works, generally for social or institutional reasons, even when there’s little evidence that it works—­and sometimes despite substantial evidence that it does not...  ( 9 min )

The new Google Workspace features will make it easier for enterprise customers to implement end-to-end encryption within Gmail.

A successful enterprise security defense requires a successful endpoint security effort. With options ranging from EDR, SIEM, SOAR, and more, how do security teams cut through the clutter and focus on what matters?

Over the past few weeks, bad actors from different regions have been scanning devices with the VPN for potential vulnerabilities.

In this roundtable, cybersecurity experts — including two former CISA executives — weigh in on alternate sources for threat intel, incident response, and other essential cybersecurity services.

The bill will allow Japan to implement safeguards and strategies that have been in use by other countries for some time.

The security vendor counters that none of the information came directly from its systems but rather was acquired over a period of time by targeting individuals.

The FDA's regulations and guidance aim to strike a balance between ensuring rigorous oversight and enabling manufacturers to act swiftly when vulnerabilities are discovered.

Tenable released details of a Google Cloud Run flaw that prior to remediation allowed a threat actor to escalate privileges.

A continuation of the North Korean nation-state threat's campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor.

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architect…  ( 8 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - GPU drivers; - HID subsystem; - Media drivers; - JFS file system; - Network namespace; - Networking core; - Netlink; (CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598, CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)  ( 4 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - GPU drivers; - HID subsystem; - Media drivers; - JFS file system; - Network namespace; - Networking core; - Netlink; (CVE-2024-57798, CVE-2024-53140, CVE-2024-56595, CVE-2024-56598, CVE-2024-50302, CVE-2024-56658, CVE-2024-56672, CVE-2024-53063)  ( 5 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - S390 architectur…  ( 8 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - SuperH RISC archi…  ( 6 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - SuperH RISC archi…  ( 6 min )

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several secur…  ( 8 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - Ublk userspace block driver; - Virtio block driver; - Bluetooth drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - EFI core; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - Hardware monitoring drivers; - I3C subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - …  ( 7 min )

USN-7285-1 fixed vulnerabilities in nginx. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this issue to use session resumption to bypass client certificate authentication requirements on these servers.  ( 4 min )

Using the Security Copilot tool, Microsoft discovered 20 critical vulnerabilities in widely deployed open-source bootloaders. The post Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities appeared first on SecurityWeek.

An undocumented remote access backdoor in the Unitree Go1 Robot Dog allows remote control over the tunnel network and use of the vision cameras to see through their eyes. The post Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs appeared first on SecurityWeek.

GreyNoise warns of a coordinated effort probing the internet for potentially vulnerable Palo Alto Networks GlobalProtect instances. The post Hackers Looking for Vulnerable Palo Alto Networks GlobalProtect Portals appeared first on SecurityWeek.

ReliaQuest has announced a new growth funding round that brings the total raised by the firm to over $830 million. The post Security Operations Firm ReliaQuest Raises $500M at $3.4B Valuation appeared first on SecurityWeek.

A ransomware group has claimed responsibility for a March cyberattack on National Presto Industries subsidiary National Defense Corporation. The post Ransomware Group Takes Credit for National Presto Industries Attack appeared first on SecurityWeek.

Microsoft’s offensive security team warned Canon about a critical code execution vulnerability in printer drivers.  The post Critical Vulnerability Found in Canon Printer Drivers appeared first on SecurityWeek.

Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161. The post CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability appeared first on SecurityWeek.

Check Point has responded to a hacker’s claims of sensitive data theft, confirming an incident but saying that it had limited impact. The post Check Point Responds to Hacking Claims appeared first on SecurityWeek.

Apple has released a hefty round of security updates for its desktop and mobile products, patching two recent zero-days in older iPhone models. The post Apple Patches Recent Zero-Days in Older iPhones appeared first on SecurityWeek.

France’s antitrust watchdog fined Apple 150 million euros ($162 million) over a privacy feature protecting users from apps snooping on them. The post France’s Antitrust Watchdog Fines Apple for Problems With App Tracking Transparency appeared first on SecurityWeek.

Executive summary Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.” This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection. Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious servers by rapidly changing Domain Name System (DNS) records. Additionally, they can create resilient, highly available command and control (C2) infrastructure, concealing their subsequent malicious operations. This resilient and fast changing infrastructure makes tracking and blocking malicious activities that use fast flux more difficult.  The National Security Agency (NSA), Cybersecurity and Infrastructur…  ( 11 min )

Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as

On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a few clicks. The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox

A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid's unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. "Its scalable,

Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation in the wild to older models and previous versions of the operating systems. The vulnerabilities in question are listed below - CVE-2025-24085 (CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate

Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation," threat

Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. "The first sighting of its activity was in the second quarter of 2023; back then, it was

Are your security tokens truly secure? Explore how Reflectiz helped a giant retailer to expose a Facebook pixel that was covertly tracking sensitive CSRF tokens due to human error misconfigurations. Learn about the detection process, response strategies, and steps taken to mitigate this critical issue. Download the full case study here.  By implementing Reflectiz's recommendations, the

Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency (ATT) privacy framework. The Autorité de la concurrence said it's imposing a financial penalty against Apple for abusing its dominant position as a distributor of mobile applications for iOS and iPadOS devices between April 26, 2021 and July 25,

CISA released two Industrial Control Systems (ICS) advisories on April 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-091-01 Rockwell Automation Lifecycle Services with Veeam Backup and Replication   ICSA-24-331-04 Hitachi Energy MicroSCADA Pro/X SYS600 (Update A)   CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  ( 2 min )

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24813 Apache Tomcat Path Equivalence Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable? That is, does the reset erase the old encryption key, or just sever the password that access that key? When the phone is rebooted, are deleted files still available? We need answers for both iPhones and Android phones. And it’s not just the US; the world is going to become a more dangerous place to oppose state power...  ( 16 min )

Although Oracle has denied its cloud infrastructure services were breached, security experts recommend Oracle customers independently verify if they were affected and take measures to reduce exposure to potential fallout.

Next-level malware represents a new era of malicious code developed specifically to get around modern security software like digital forensics tools and EDR, new research warns.

New research from Specops Software shows attackers successfully attack and gain access to RDP with the most basic passwords.

The department was able to trace the stolen funds to three main cryptocurrency accounts after being routed through a series of other platforms.

Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.

The cybersecurity artificial intelligence (AI) model and agent will help organizations improve threat detection and incident response.

Positioning security leaders as more than risk managers turns them into business enablers, trusted advisers, and, eventually, integral members of the C-suite.

Attackers post links to fake websites on LinkedIn to ask people to complete malicious CAPTCHA challenges that install malware.

It was discovered that PHP incorrectly handle certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2024-11235) It was discovered that PHP incorrectly handle certain folded headers. An attacker could possibly use this issue to cause a crash or execute arbritrary code. (CVE-2025-1217) It was discovered that PHP incorrectly handled certain headers. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS Ubuntu 24.10, and Ubuntu 24.04 LTS. (CVE-2025-1219) It was discovered that PHP incorrectly handle certain headers with invalid name and no colon. An attacker could possibly use this issue to confuse applications into accepting invalid headers causing code injection. (CVE-2025-1734) It was discovered that PHP incorrectly handled certain headers. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.10, and Ubuntu 24.04 LTS. (CVE-2025-1736) It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information. (CVE-2025-1861)  ( 4 min )

It was discovered that RabbitMQ Server's management UI did not sanitize certain input. An attacker could possibly use this issue to inject code by performing a cross-site scripting (XSS) attack.  ( 4 min )

It was discovered that libtar may perform out-of-bounds reads when processing specially crafted tar files. An attacker could possibly use this issue to cause libtar to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2021-33643, CVE-2021-33644) It was discovered that libtar contained a memory leak due to failing to free a variable, causing performance degradation. An attacker could possibly use this issue to cause libtar to crash, resulting in a denial of service. (CVE-2021-33645, CVE-2021-33646)  ( 4 min )

Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.  ( 4 min )

Marius Berntsberg, Trygve Vea, Tore Anderson, Rodolfo Alonso, Jay Faulkner, and Brian Haley discovered that OVN incorrectly handled certain crafted UDP packets. A remote attacker could possibly use this issue to bypass egress ACL rules.  ( 4 min )

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.  ( 4 min )

USN-7376-1 fixed vulnerabilities in MariaDB. This update provides the corresponding updates for Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. Original advisory details: A security issue was discovered in MariaDB and this update includes a new upstream MariaDB version to fix the issue. In addition to security fixes, the updated packages contain bug and regression fixes, new features, and possibly incompatible changes.  ( 4 min )

Jonathan Clem and Justin Bull discovered that Doorkeeper could allow arbitrary token revocation and replay attacks. An attacker could possibly use this issue to gain unauthorized access to a system. (CVE-2016-6582) It was discovered that Doorkeeper incorrectly handled storing client names. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. (CVE-2018-1000088)  ( 4 min )

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of

Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the

Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected

If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer’s responsibility. Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it's up to the customer to handle the locks, install the alarm systems,

Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to

Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek.

A strong security program will sometimes require substantial organizational and cultural changes around security practices, and inevitably, a higher cost. The post Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program appeared first on SecurityWeek.

Hacker leaks 270,000 customer tickets allegedly stolen from Samsung Germany using long-compromised credentials. The post Hacker Leaks Samsung Customer Data appeared first on SecurityWeek.

The European Commission plans on investing €1.3 billion ($1.4 billion) in cybersecurity, artificial intelligence and digital skills.  The post Part of EU’s New €1.3 Billion Investment Going to Cybersecurity appeared first on SecurityWeek.

The newly identified Android banking trojan Crocodilus takes over devices, enabling overlay attacks, remote control, and keylogging. The post ‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft appeared first on SecurityWeek.

CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day. The post CISA Analyzes Malware Used in Ivanti Zero-Day Attacks appeared first on SecurityWeek.

An email security incident at Chord Specialty Dental Partners, a US dental service organization, has impacted more than 170,000 people.  The post 170,000 Impacted by Data Breach at Chord Specialty Dental Partners appeared first on SecurityWeek.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info n/a -- n/a   Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1. 2025-03-27 10 CVE-2025-2857 Fortinet--FortiSwitchManager   A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 throu…  ( 203 min )

US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. "I didn’t see this loser in the group," Waltz told Fox News about Atlantic editor in chief Jeffrey Goldberg, whom Waltz invited to the chat. "Whether he did it deliberately or it happened in some other technical mean, is something we’re trying to figure out." Waltz’s implication that Goldberg may have hacked his way in was followed by a ...  ( 17 min )

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that

Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract

The General Services Administration is planning to use automation to speed up the process to determine which cloud services federal agencies are allowed to buy.

Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.

Evidence suggests an attacker gained access to the company's cloud infrastructure environment, but Oracle insists that didn't happen.

No content preview

No content preview

No content preview

The attack hit the Kuala Lumpur airport over the weekend, and it remains unclear who the threat actors are and what kind of information they may have stolen.

No content preview

Digital transformation has revolutionized industries with critical infrastructure — but it has also introduced new vulnerabilities.

The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.

In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.  ( 4 min )

This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as achieving certain goals necessitates sharing private data. Traditionally, addressing this challenge has involved either seeking trusted intermediaries or constructing cryptographic protocols that restrict how much data is revealed, such as multi-party computations or zero-knowledge proofs. While significant advances have been made in scaling cryptographic approaches, they remain limited in terms of the size and complexity of applications they can be used for. In this paper, we argue that capable machine learning models can fulfill the role of a trusted third party, thus enabling secure computations for applications that were previously infeasible. In particular, we describe Trusted Capable Model Environments (TCMEs) as an alternative approach for scaling secure computation, where capable machine learning model(s) interact under input/output constraints, with explicit information flow control and explicit statelessness. This approach aims to achieve a balance between privacy and computational efficiency, enabling private inference where classical cryptographic solutions are currently infeasible. We describe a number of use cases that are enabled by TCME, and show that even some simple classic cryptographic problems can already be solved with TCME. Finally, we outline current limitations and discuss the path forward in implementing them...  ( 7 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - SuperH RISC archi…  ( 6 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - S390 architectur…  ( 8 min )

USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42780) It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a stack buffer overflow. An attacker could possibly use this issue to cause a denial o…  ( 5 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - SuperH RISC archi…  ( 7 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Cryptographic API; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - ARM SCPI message protocol; - GPIO subsystem; - GPU drivers; - HID …  ( 6 min )

USN-7330-1 fixed vulnerabilities in Ansible. The update introduced a regression when attempting to install Ansible on Ubuntu 16.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Ansible did not properly verify certain fields of X.509 certificates. An attacker could possibly use this issue to spoof SSL servers if they were able to intercept network communications. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908) Martin Carpenter discovered that certain connection plugins for Ansible did not properly restrict users. An attacker with local access could possibly use this issue to escape a restricted environment via symbolic links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240) …  ( 5 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - ARM SCPI message protocol; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - I3C subsystem; - IIO ADC …  ( 7 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - ARM SCPI message protocol; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - I3C subsystem; - IIO ADC …  ( 7 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device …  ( 8 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device …  ( 8 min )

Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document is marked TLP:CLEAR--Recipients may share this information without restriction. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.cisa.gov/tlp. Summary Description CISA analyzed three files obtain…  ( 12 min )

Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.  The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs. "The new vulnerabilities can be

Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader.  "The purpose of the malware is to download and execute second-stage payloads while evading

Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is

An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis. PJobRAT, first

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

Analysis found that 99% of healthcare organizations are vulnerable to publicly available exploits. The post Critical Condition: Legacy Medical Devices Remain Easy Targets for Ransomware appeared first on SecurityWeek.

Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers. The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Key members of Hellcat ransomware group identified, controversy around CrushFTP flaw CVE, NYU website hacked and defaced. The post In Other News: Hellcat Hackers Unmasked, CrushFTP Bug Controversy, NYU Hacked appeared first on SecurityWeek.

HTTPS certificate issuance now requires Multi-Perspective Issuance Corroboration and linting to improve validation. The post New Issuance Requirements Improve HTTPS Certificate Validation appeared first on SecurityWeek.

A threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages. The post Morphing Meerkat Phishing Kits Target Over 100 Brands appeared first on SecurityWeek.

The Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe. The post Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe appeared first on SecurityWeek.

Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day. The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek.

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA[1] malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior. These commands:  Create a web shell, manipulate integrity checks, and modify files.  Enable the use of web shells for credential harvesting, account creation, password resets, and escalating permissions.  Copy the web shell to the Ivanti running boot disk and manipulate the running coreboot image.  RESURGE is associated with the exploitation of CVE-2025-0282 in Ivanti Connect Secure appliances. CVE-2025-0282 is a stack-based buffer overflow vulnerability in Ivanti Co…  ( 3 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device …  ( 8 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - SuperH RISC architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers core; - RAM backed block device driver; - Virtio block driver; - Data acquisition framework and drivers; - Hardware crypto device drivers; - DMA engine subsystem; - EDAC drivers; - ARM SCPI message protocol; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - I3C subsystem; - IIO ADC …  ( 7 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Drivers core; - Ublk userspace block driver; - Compressed RAM block device driver; - CPU frequency scaling framework; - DAX dirext access to differentiated memory framework; - GPU drivers; - HID subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - Network drivers; - NTB driver; - Virtio pmem driver; - Parport drivers; - Pin controllers subsystem; - SCSI subsystem; - SuperH / SH-Mobile drivers; - Direct Digital Synthesis drivers; - Thermal drive…  ( 5 min )

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architect…  ( 7 min )

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architect…  ( 7 min )

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. (CVE-2024-8805) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several secur…  ( 8 min )

It was discovered that Smarty did not properly sanitize template file names. An attacker could possibly use this issue to cause Smarty to crash, resulting in a denial of service, or possibly execute arbitrary code.  ( 4 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - Drivers core; - Ublk userspace block driver; - Compressed RAM block device driver; - CPU frequency scaling framework; - DAX dirext access to differentiated memory framework; - GPU drivers; - HID subsystem; - I3C subsystem; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - Network drivers; - NTB driver; - Virtio pmem driver; - Parport drivers; - Pin controllers subsystem; - SCSI subsystem; - SuperH / SH-Mobile drivers; - Direct Digital Synthesis drivers; - Thermal drive…  ( 6 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - Ublk userspace block driver; - Virtio block driver; - Bluetooth drivers; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - EFI core; - GPIO subsystem; - GPU drivers; - HID subsystem; - Microsoft Hyper-V drivers; - Hardware monitoring drivers; - I3C subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - …  ( 7 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - Ublk userspace block driver; - Virtio block driver; - Bluetooth …  ( 7 min )

Dark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture.

State and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.

The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.

The union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.

University security operations centers that hire and train students are a boon to state and local governments while giving much-needed Tier 1 cybersecurity training to undergraduates.

Popularity of the generative AI platform makes it an obvious choice for cybercriminals abusing Google-sponsored search results, according to researchers.

Attackers aren't just spending more time targeting the cloud — they're ruthlessly stealing more sensitive data and accessing more critical systems than ever before.

Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App. The post Splunk Patches Dozens of Vulnerabilities appeared first on SecurityWeek.

Russian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign. The post Russian Espionage Group Using Ransomware in Attacks appeared first on SecurityWeek.

The UK ICO has fined Advanced Computer Software Group £3 million ($3.8 million) over a 2022 data breach resulting from a ransomware attack. The post UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach  appeared first on SecurityWeek.

Interview with Taylor Pyle, a Cybersecurity Engineer at Viasat on her experience with both cyber and mentorship. The post The Importance of Allyship for Women in Cyber appeared first on SecurityWeek.

GetReal Security has raised $17.5 million in series A funding to combat deepfakes, impersonation, and other AI-generated threats. The post GetReal Security Raises $17.5 Million to Tackle Gen-AI Threats appeared first on SecurityWeek.

US defense contractor MORSE Corp has agreed to pay $4.6 million to settle allegations over its cybersecurity failures.  The post Defense Contractor MORSE to Pay $4.6M to Settle Cybersecurity Failure Allegations appeared first on SecurityWeek.

ESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software. The post Ransomware Groups Increasingly Adopting EDR Killer Tools appeared first on SecurityWeek.

T-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft. The post T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit appeared first on SecurityWeek.

Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA. The post More Solar System Vulnerabilities Expose Power Grids to Hacking  appeared first on SecurityWeek.

Straiker has emerged from stealth mode with a solution designed to help enterprises secure AI agents and applications. The post AI Security Firm Straiker Emerges From Stealth With $21M in Funding appeared first on SecurityWeek.

Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in

An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as

Whether it’s CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks: Why

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1.

An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. "The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor's browser," c/side security analyst Himanshu

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2019-9874 (CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF

A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources. The vulnerability, tracked as

CISA released one Industrial Control Systems (ICS) advisory on March 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update A) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  ( 2 min )

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.  ( 5 min )

Hunt quickly took to his blog to notify the public of the breach and provide further details on how this could have happened.

Attackers don't always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in.

While industry experts continue to analyze, interpret, and act on threat data, the complexity of cyber threats necessitates solutions that can quickly convert expert knowledge into machine-readable formats.

Cybercriminals in China have figured out how to undermine the strengths of mobile messaging protocols.

The Anti-Malware Testing Standards Organization published a Sandbox Evaluation Framework to set a standard among various sandbox offerings that help protect organizations from rising threats.

Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware.

Three cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.

OpenAI has raised its maximum bug bounty payout to $100,000 (up from $20,000) for high-impact flaws in its infrastructure and products. The post OpenAI Offering $100K Bounties for Critical Vulnerabilities appeared first on SecurityWeek.

Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub) The post Russian Ransomware Gang Exploited Windows Zero-Day Before Patch appeared first on SecurityWeek.

AMTSO has developed a Sandbox Evaluation Framework to standardize the testing of malware analysis solutions.  The post AMTSO Releases Sandbox Evaluation Framework appeared first on SecurityWeek.

The late-stage startup said the round was led Coatue Management and brings Island’s total external funding to approximately $730 million. The post Island Banks $250M Series E for Enterprise Browser appeared first on SecurityWeek.

A new ransomware group called Arkana claims to have compromised the US telecommunications provider WideOpenWest. The post New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest appeared first on SecurityWeek.

SplxAI has raised $7 million in a seed funding round led by LAUNCHub Ventures to secure agentic AI systems. The post SplxAI Raises $7 Million for AI Security Platform appeared first on SecurityWeek.

Production line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched. The post Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras appeared first on SecurityWeek.

macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages. The post macOS Users Warned of New Versions of ReaderUpdate Malware appeared first on SecurityWeek.

Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js. The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek.

Despite Oracle categorically denying that its Cloud systems have been breached, sample data released by the hacker seems to prove otherwise. The post Security Firms Say Evidence Seems to Confirm Oracle Cloud Hack appeared first on SecurityWeek.

Benjamin Koltermann discovered that containerd incorrectly handled large user id values. This could result in containers possibly being run as root, contrary to expectations.  ( 4 min )

It was discovered that Exim incorrectly handled certain memory operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.  ( 4 min )

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that.)(CVE-2023-52880) In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet. OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure with the metadata like conntrack state, input port, recirculation id, …  ( 8 min )

Martin van Kervel Smedshammer discovered that Varnish did not properly sanitize certain HTTP headers. A remote attacker could possibly use this issue to perform a cross-site request forgery (CSRF) attack.  ( 4 min )

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,

The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating

Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on

“A boxer derives the greatest advantage from his sparring partner…” — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn’t Blue’s first day and despite his solid defense in front of the mirror, he feels the pressure.

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a collection of

When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks. According to Verizon's 2024 Data Breach Investigations Report, 57% of companies experience over

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots, Cloudflare’s new system lures them into a “maze” of realistic-looking but irrelevant pages, wasting the crawler’s computing resources. The approach is a notable shift from the standard block-and-defend strategy used by most website protection services. Cloudflare says blocking bots sometimes backfires because it alerts the crawler’s operators that they’ve been detected. “When we detect unauthorized crawling, rather than blocking the request, we will link to a series of AI-generated pages that are convincing enough to entice a crawler to traverse them,” writes Cloudflare. “But while real looking, this content is not actually the content of the site we are protecting, so the crawler wastes time and resources.”...  ( 6 min )

The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks targeting organizations in Russia. The post Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky appeared first on SecurityWeek.

DrayTek routers around the world are rebooting and the vendor’s statement suggests that it may involve the exploitation of a vulnerability. The post Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots appeared first on SecurityWeek.

The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10. The post VMware Patches Authentication Bypass Flaw in Windows Tools Suite appeared first on SecurityWeek.

Microsoft has expanded the capabilities of Security Copilot with AI agents tackling data security, phishing, and identity management. The post Microsoft Adds AI Agents to Security Copilot appeared first on SecurityWeek.

Charm Security has emerged from stealth mode with $8 million in funding for AI-powered scams and social engineering prevention. The post Charm Security Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek.

Email-related data breach suffered by wheelchair and other mobility equipment provider Numotion affects almost 500,000 individuals.  The post Numotion Data Breach Impacts Nearly 500,000 People appeared first on SecurityWeek.

Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access. The post Chinese APT Weaver Ant Targeting Telecom Providers in Asia appeared first on SecurityWeek.

Threats themselves change very little, but the tactics used are continually revised to maximize the criminals’ return on investment and effort. The post Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs appeared first on SecurityWeek.

Frank Trezza is fairly typical of most hackers. Early pranks sometimes leading to something more serious. The post Hacker Conversations: Frank Trezza – From Phreaker to Pentester appeared first on SecurityWeek.

The recent report of how Volt Typhoon compromised systems at a water utility highlight security technologies and processes that helped detect the compromise and clean up the network.

Experts say the leakage of US military plans to a reporter this month reflects a severe operational security failure on the part of US leadership.

The company reports that no sensitive information was breached or stolen in the cyber intrusion and that its operations are running normally again.

Though there is no confirmation as to when this extradition will occur, Alexander Moucka agreed to be transferred in writing before a judge.

Strong DLP can be a game-changer — but it can also become a slow-moving, overcomplicated mess if not executed properly.

Raspberry Robin breaks into organizations and sells access to Russian threat actors, including the military cyber unit behind attempted coups, assassinations, and influence operations throughout Europe.

Security experts worry the company's Chapter 11 status and aim to sell its assets could allow threat actors to exploit and misuse the genetic information it collected.

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2024-32458) Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause FreeRDP clients and servers to crash, resulting in a denial of service. (CVE-2024-32459) It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2024-32659, CVE-2024-32660)  ( 4 min )

It was discovered that SmartDNS did not correctly align certain objects in memory, leading to undefined behaviour. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2024-24198, CVE-2024-24199) It was discovered that SmartDNS did not correctly handle certain inputs, which could lead to an integer overflow. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-42643)  ( 4 min )

A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The

A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not

Organizations now use an average of 112 SaaS applications—a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that’s just one major SaaS provider.

Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. .NET

Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it

CISA released four Industrial Control Systems (ICS) advisories on March 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-084-01 ABB RMC-100 ICSA-25-084-02 Rockwell Automation Verve Asset Manager ICSA-25-084-03 Rockwell Automation 440G TLS-Z ICSA-25-084-04 Inaba Denki Sangyo CHOCO TEI WATCHER Mini    CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  ( 2 min )

Citizen Lab has a new report on Paragon’s spyware: Key Findings: Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group and other vendors are notorious for. Infrastructure Analysis of Paragon Spyware. Based on a tip from a collaborator, we mapped out server infrastructure that we attribute to Paragon’s Graphite spyware tool. We identified a subset of suspected Paragon deployments, including in Australia, Canada, Cyprus, Denmark, Israel, and Singapore. ...  ( 6 min )

Upgrading the organization's Windows 10 systems to Windows 11 could potentially introduce vulnerabilities into the environment through misconfigured hardware.

New agentic AI capabilities in Microsoft Security Copilot will allow agents to triage threats and provide recommendations.

The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more.

The FBI's Denver field office says the tools will convert documents while also dropping malware and scraping users' systems for sensitive data.

More than 40% of all Internet-facing container orchestration clusters are at risk.

The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia.

Russia and China spend billions of dollars on state media, propaganda, and disinformation, while the Trump administration has slashed funding for US agencies.

FCC chair warns these companies may still be operating in the US because they don't believe that being added to its "Covered List" poses any serious risk.

A threat actor posted data on BreachForums from an alleged supply chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.

As the region continues with its ambitious road map, cybersecurity must be woven into every step of the process.

It was discovered that readelf from elfutils could be made to read out of bounds. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-25260) It was discovered that readelf from elfutils could be made to write out of bounds. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1365) It was discovered that readelf from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-1371) It was discovered that readelf from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running readelf on a specially crafted file, an attacker could cause readelf to crash, resulting in a denial of service. (CVE-2025-1372) It was discovered that strip from elfutils could be made to dereference invalid memory. If a user or automated system were tricked into running strip on a specially crafted file, an attacker could cause strip to crash, resulting in a denial of service. (CVE-2025-1377)  ( 4 min )

USN-7348-1 fixed vulnerabilities in Python. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-4032) It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated. (CVE-2024-9287) It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-11168) It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)  ( 4 min )

Nhật Thái Đỗ discovered that Rack incorrectly handled certain usernames. A remote attacker could possibly use this issue to perform CRLF injection. (CVE-2025-25184) Phạm Quang Minh discovered that Rack incorrectly handled certain headers. A remote attacker could possibly use this issue to perform log injection. (CVE-2025-27111) Phạm Quang Minh discovered that Rack did not properly handle relative file paths. A remote attacker could potentially exploit this to include local files that should have been inaccessible. (CVE-2025-27610)  ( 4 min )

It was discovered that zvbi incorrectly handled memory when processing user input. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.  ( 4 min )

It was discovered that NLTK contained a regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3842, CVE-2021-43854)  ( 4 min )

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of

Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to

A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said in a report published over the weekend

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad fraud at scale behind

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a

If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an

The effects of the backlog is already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek.

Oracle has denied that Cloud systems have been breached after a hacker claimed to have stolen millions of records. The post Oracle Denies Cloud Breach After Hacker Offers to Sell Data  appeared first on SecurityWeek.

A Russian exploit acquisition firm is offering up to $4 million for a full-chain exploit targeting messaging service Telegram. The post Russian Firm Offers $4 Million for Telegram Exploits appeared first on SecurityWeek.

Understand whether BAS, Automated Penetration Testing, or the combined approach of Adversarial Exposure Validation (AEV) aligns best with your organization’s unique security needs. The post Webinar Tomorrow: Which Security Testing Approach is Right for You? appeared first on SecurityWeek.

The US Department of the Treasury has removed sanctions against the fully decentralized cryptocurrency mixer service Tornado Cash. The post US Lifts Sanctions Against Crypto Mixer Tornado Cash appeared first on SecurityWeek.

The FCC is investigating whether Chinese firms such as Huawei, ZTE and China Telecom are still operating in the US. The post Despite Rip-and-Replace Efforts, FCC Suspects Banned Chinese Telecom Providers Still Active in US appeared first on SecurityWeek.

The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems. The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools appeared first on SecurityWeek.

NetSfere Integrates ML-KEM and AES into its text, voice and video messaging platform to meet 2027 NSA Quantum Security mandates. The post NetSfere Launches Quantum-Resilient Messaging Platform for Enterprise and Government Use appeared first on SecurityWeek.

New versions of the Albabat ransomware target Windows, Linux, and macOS, and retrieve configuration files from GitHub. The post Albabat Ransomware Expands Targets, Abuses GitHub appeared first on SecurityWeek.

Public officials and private citizens are consistently warned about hacking and data leaks, but technologies designed to increase privacy often decrease government transparency. The post Encrypted Messaging Apps Promise Privacy. Government Transparency Is Often the Price appeared first on SecurityWeek.

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info Synology--Unified Controller (DSMUC)   Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors. 2025-03-19 10 CVE-2024-10442 IBM--AIX   IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls. 2025-03-18 10 CVE-2024-56346 Fortinet--FortiMail   An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authen…  ( 164 min )

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30154 reviewdog action-setup GitHub Action Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

Last month, I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating mandating backdoors. Both initiatives are attempting to scare people into supporting backdoors, which are—of course—are terrible idea. Also: “A Feminist Argument Against Weakening Encryption.”  ( 7 min )

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,"

The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring

DOGE is making wild moves at CISA, including bringing back fired probationary employees only to put them on paid leave, and reportedly gutting the agency's red teams.

The attackers are taking an indirect approach to targeting SEO professionals and their Google credentials, using a fake digital marketing website.

Law enforcement entities in democratic states have been deploying top-of-the-line messaging app spyware against journalists and aid workers.

The time to secure foundations, empower teams, and make cyber resilience the standard is now — because the cost of waiting is far greater than the investment in proactive security.

New research: An associate professor of chemistry and chemical biology at Northeastern University, Deravi’s recently published paper in the Journal of Materials Chemistry C sheds new light on how squid use organs that essentially function as organic solar cells to help power their camouflage abilities. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.  ( 4 min )

The Atlantic has a search tool that allows you to search for specific works in the “LibGen” database of copyrighted works that Meta used to train its AI models. (The rest of the article is behind a paywall, but not the search tool.) It’s impossible to know exactly which parts of LibGen Meta used to train its AI, and which parts it might have decided to exclude; this snapshot was taken in January 2025, after Meta is known to have accessed the database, so some titles here would not have been available to download. Still…interesting. Searching my name yields 199 results: all of my books in different versions, plus a bunch of shorter items...  ( 7 min )

The UK’s National Computer Security Center (part of GCHQ) released a timeline—also see their blog post—for migration to quantum-computer-resistant cryptography. It even made The Guardian.  ( 6 min )

Noteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat flaw.  The post In Other News: Critical Chrome Bug, Capital One Hacker Resententencing, Story of Expat Flaw appeared first on SecurityWeek.

The Cloak ransomware group has claimed responsibility for a February cyberattack on Virginia Attorney General’s Office. The post Ransomware Group Claims Attack on Virginia Attorney General’s Office appeared first on SecurityWeek.

Cato Networks discovers a new LLM jailbreak technique that relies on creating a fictional world to bypass a model’s security controls. The post New Jailbreak Technique Uses Fictional World to Manipulate AI appeared first on SecurityWeek.

The FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign. The post Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley appeared first on SecurityWeek.

Industry professionals comment on Google acquiring cloud security giant Wiz for $32 billion in cash. The post Industry Reactions to Google Buying Wiz: Feedback Friday appeared first on SecurityWeek.

The Hellcat ransomware group claims to have stolen tens of gigabytes of data from Ascom and Jaguar Land Rover. The post Ransomware Group Claims Attacks on Ascom, Jaguar Land Rover appeared first on SecurityWeek.

Former NFL and University of Michigan assistant football coach Matt Weiss hacked into the computer accounts of thousands of college athletes seeking intimate photos and videos. The post Former NFL, Michigan Assistant Coach Matt Weiss Charged With Hacking for Athletes’ Intimate Photos appeared first on SecurityWeek.

More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause. The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim

The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS

After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are enough to keep them secure. But how effective are these defenses when put to the test? That’s where

The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place

Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents," the company said. "This suggests

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below -  CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an

A massive cybercrime network known as "VexTrio" is using thousands of compromised WordPress sites to funnel traffic through a complex redirection scheme.

The Amazon Nova AI Challenge puts student research to the test and aims to bring a new perspective to challenges arising from the increase in AI-assisted software development.

Cybersecurity vendors say threat actors' abuse of traffic distribution systems (TDS) is becoming more complex and sophisticated — and much harder to detect and block.

The UNC-200 threat group, active since last summer, has been utilizing the Signal messaging app to social engineer targets into downloading an infostealing remote access Trojan.

Answer: Nope. But let's look at the trends — because they matter for security.

HP's 8000 Series enterprise and commercial printers, which include Color LaserJet Enterprise MFP 8801, Mono MFP 8601, and LaserJet Pro Mono SFP 8501, will feature new quantum ASICs and endpoint controllers to protect them from future quantum attacks.

Both Android devices and iPhones are 3.5 times more likely to be infected with malware once "broken" and 250 times more likely to be totally compromised, recent research shows.

Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise.

Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not properly handle certain return codes when authentication was not possible. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531) It was discovered that PAM-PKCS#11 did not require a private key signature for authentication by default. An attacker could possibly use this issue to bypass authentication. (CVE-2025-24032)  ( 4 min )

It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wrong host. (CVE-2024-53859)  ( 4 min )

Ivan Fratric discovered that Libxslt incorrectly handled certain memory operations when handling documents. A remote attacker could use this issue to cause Libxslt to crash, resulting in a denial of service, or possibly execute arbitrary code.  ( 4 min )

It was discovered that Alpine did not use a secure connection under certain circumstances. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2020-14929) It was discovered that Alpine could allow untagged responses from an IMAP server before upgrading to a TLS connection. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2021-38370) It was discovered that Alpine could crash when receiving certain SMTP commands. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-46853)  ( 4 min )

Analysis reveals a 140% increase in browser phishing, including a 130% increase in zero-hour phishing attacks. The post Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing appeared first on SecurityWeek.

Real-time event and risk detection firm Dataminr has raised $85 million from NightDragon and HSBC to accelerate AI development. The post Dataminr Raises $85 Million for AI-Powered Information Platform appeared first on SecurityWeek.

CISA has added an absolute path traversal bug in Nakivo Backup and Replication to its Known Exploited Vulnerabilities list. The post CISA Warns of Exploited Nakivo Vulnerability appeared first on SecurityWeek.

A Joni Mitchell song from the 1960s can teach us a lot about securing hybrid and multi-cloud environments. The post Through the Lens of Music: What Cybersecurity Can Learn From Joni Mitchell appeared first on SecurityWeek.

Veeam has released patches for a critical-severity remote code execution vulnerability in Backup & Replication. The post Veeam Patches Critical Vulnerability in Backup & Replication appeared first on SecurityWeek.

Pennsylvania State Education Association says the personal information of over 500,000 individuals was stolen in a data breach. The post 500,000 Impacted by Pennsylvania Teachers Union Data Breach appeared first on SecurityWeek.

SANS is seeing attempts to exploit two critical Cisco Smart Licensing Utility vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440. The post Hackers Target Cisco Smart Licensing Utility Vulnerabilities appeared first on SecurityWeek.

Amazon is ending a little-used privacy feature that let some users of its Echo smart speaker prevent their voice commands from going to the company’s cloud. The post Amazon Ends Little-Used Privacy Feature That Let Echo Users Opt Out of Sending Recordings to Company appeared first on SecurityWeek.

Over 300 malicious applications displaying intrusive full-screen interstitial video ads amassed more than 60 million downloads on Google Play. The post 300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads appeared first on SecurityWeek.

Attacks involving Paragon’s Graphite spyware involved a WhatsApp zero-day that could be exploited without any user interaction. The post Paragon Spyware Attacks Exploited WhatsApp Zero-Day  appeared first on SecurityWeek.

YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla, and

Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds. "A vulnerability allowing remote code execution (RCE) by authenticated domain users," the

Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab. Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications

Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security challenges

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the Defense Forces of Ukraine. The activity involves

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an earlier breach of the “reviewdog/action-setup@v1” GitHub Action, according to a report. […] CISA confirmed the vulnerability has been patched in version 46.0.1. Given that the utility is used by more than 23,000 GitHub repositories, the scale of potential impact has raised significant alarm throughout the developer community...  ( 6 min )

CISA released five Industrial Control Systems (ICS) advisories on March 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-079-01 Schneider Electric EcoStruxure™ ICSA-25-079-02 Schneider Electric Enerlin’X IFE and eIFE ICSA-25-079-03 Siemens Simcenter Femap ICSA-25-079-04 SMA Sunny Portal   ICSMA-25-079-01 Santesoft Sante DICOM Viewer Pro  CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  ( 2 min )

CISA this week added CVE-2025-24472 to its catalog of known exploited vulnerabilities, citing ransomware activity targeting the authentication bypass flaw.

Trend Micro uncovered a method that nation-state threat actors are using to target victims via the Windows .Ink shortcut file extension.

No content preview

No content preview

Several major companies in the finance sector were impacted by the third-party breach, prompting them to notify thousands of customers of their compromised data.

No content preview

Research finds that organizations are granting root access by default and making other big missteps, including a Jenga-like building concept, in deploying and configuring AI services in cloud deployments.

A Europol report says nation-state actors are increasingly working with organized crime networks to achieve geopolitical goals, including the destabilization of the EU.

The question is no longer "Are we compliant?" but "Are we truly resilient?"

Orion protects against data exfiltration by using AI to compare actual data flows against permitted and expected data flows. The post Orion Security Raises $6 Million to Tackle Insider Threats and Data Leaks with AI-Driven DLP appeared first on SecurityWeek.

Defending high profile sporting events from adversarial attacks requires a mix of experienced capabilities and a solid threat intelligence program. The post March Madness Requires Vigilance on Both an Individual and Corporate Level appeared first on SecurityWeek.

Infosys McCamish System has agreed to pay $17.5 million to settle six class action lawsuits filed over a 2023 data breach. The post Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach appeared first on SecurityWeek.

News analysis: Google positions itself to compete with Microsoft for enterprise security dollars. How does this deal affect startup ecosystem? The post What’s Behind Google’s $32 Billion Wiz Acquisition? appeared first on SecurityWeek.

Join the virtual event as we explore of the critical nature of software and vendor supply chain security issues. The post Virtual Event Today: Supply Chain & Third-Party Risk Security Summit appeared first on SecurityWeek.

Chinese hacking group MirrorFace has targeted a Central European diplomatic institute with the Anel backdoor and AsyncRAT. The post Chinese Hacking Group MirrorFace Targeting Europe appeared first on SecurityWeek.

A long-running campaign phishing for credentials through scareware recently switched to targeting macOS users. The post Scareware Combined With Phishing in Attacks Targeting macOS Users appeared first on SecurityWeek.

Microsoft has shared details on StilachiRAT, an evasive and persistent piece of malware that facilitates sensitive data theft. The post Microsoft Warns of New StilachiRAT Malware appeared first on SecurityWeek.

Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code. Cybersecurity company

The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month. According to an analysis of the messages by cybersecurity company

In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place? Our upcoming

The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector. The

Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote

It was discovered that Valkey did not properly handle memory cleanup. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-46981) It was discovered that Valkey did not properly handle resource access permissions. An authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-51741)  ( 4 min )

Wolfgang Walther discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. (CVE-2024-10976) Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is able to intercept network communications could possibly use this issue to inject error messages that could be interpreted as valid query results. (CVE-2024-10977) Tom Lane discovered that PostgreSQL incorrectly handled certain privilege assignments. A remote attacker could possibly use this issue to view or change different rows from those intended. (CVE-2024-10978) Coby Abrams discovered that PostgreSQL incorrectly handled environment variables. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-10979)  ( 4 min )

Ivan Fratric discovered that Libxslt incorrectly handled certain memory operations when handling documents. A remote attacker could use this issue to cause Libxslt to crash, resulting in a denial of service, or possibly execute arbitrary code.  ( 4 min )

It was discovered that uriparser did not correctly handle certain inputs, which could lead to an integer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-34402, CVE-2024-34403)  ( 4 min )

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

Nakul Choudhary and Robert Xiao discovered that RestrictedPython did not properly sanitize certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-37271) Abhishek Govindarasu, Ankush Menat and Ward Theunisse discovered that RestrictedPython did not correctly handle certain format strings. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-41039) It was discovered that RestrictedPython did not correctly restrict access to certain fields. An attacker could possibly use this issue to leak sensitive information. (CVE-2024-47532) It was discovered that RestrictedPython contained a type confusion vulnerability. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-22153)  ( 4 min )

No content preview

No content preview

No content preview

No content preview

No content preview

The all-cash deal offers a path for Google to better support cloud customers who have assets spread across public environments, including Azure and others.

The sneaky malware packs capabilities for system reconnaissance as well as credential and cryptocurrency theft.

Though the chat logs were leaked a month ago, analysts are now seeing that Russian officials may have assisted Black Basta members according, to the shared messages.

Though the group initially stuck to classic ransomware TTPs before demanding the ransom, it went off script when it began threatening the group and detailing potential consequences the victim would face.

A server-side request forgery vulnerability in OpenAI's chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.

The data loss prevention company emerges from stealth with an AI-powered platform to help organizations distinguish between legitimate and risky activity.

For candidates with a cybersecurity background who want to stay competitive, now is the time to invest in obtaining AI skills.

Printers can sit in the corner for ten years or more, while quantum decryption is thought by many to be less than 10 years away. The post HP Launches Printers with Quantum Resilient Cryptography  appeared first on SecurityWeek.

AI and other technologies “are a catalyst for crime, and drive criminal operations’ efficiency by amplifying their speed, reach, and sophistication,” the report said. The post AI Is Turbocharging Organized Crime, EU Police Agency Warns appeared first on SecurityWeek.

A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks. The post Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover  appeared first on SecurityWeek.

Google has integrated OSV-SCALIBR features into OSV-Scanner, its free vulnerability scanner for open source developers. The post Google Releases Major Update for Open Source Vulnerability Scanner appeared first on SecurityWeek.

ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands. The post 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft appeared first on SecurityWeek.

Google has confirmed reports that it’s buying cloud security giant Wiz and says it’s prepared to pay $32 billion in cash. The post Google to Acquire Cloud Security Giant Wiz for $32 Billion in Cash appeared first on SecurityWeek.

Cloudflare launches Cloudforce Threat Events Feed, a service designed to provide security teams with real-time threat intelligence. The post New Cloudflare Service Provides Real-Time Threat Intelligence appeared first on SecurityWeek.

Exploit and vulnerability intelligence provider VulnCheck has raised $12 million in a Series A funding round. The post VulnCheck Raises $12 Million for Vulnerability Intelligence Platform appeared first on SecurityWeek.

The personal information of 22,000 Western Alliance Bank customers was stolen in a data breach linked to Cl0p’s hacking of the Cleo file transfer tool. The post Western Alliance Bank Discloses Data Breach Linked to Cleo Hack appeared first on SecurityWeek.

US representatives and senators have reintroduced a bipartisan bill to support the cybersecurity of small water and wastewater utilities. The post US Lawmakers Reintroduce Bill to Boost Rural Water Cybersecurity appeared first on SecurityWeek.

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent

An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden

Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today. It added the acquisition, which is

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the

While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this

Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. "The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with

Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to kick off in

At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in

Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to "steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored

A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. tj-actions/changed-files is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys. This has been patched in v46.0.1.  (Updated March 19, 2025) The compromise of tj-actions/changed-files was potentially enabled by a compromise of another GitHub Action, reviewdog/action-setup@v1 (tracked as CVE-2025-30154), which occurred around the same time. The following Actions may also be affected:   reviewdog/action-shellcheck  reviewdog/action-composite-template  reviewdog/action-static…  ( 3 min )

A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys. This has been patched in v46.0.1.  CISA added CVE-2025-30066 to its Known Exploited Vulnerabilities Catalog.  CISA strongly urges users to implement the recommendations to mitigate this compromise and strengthen security when using third-party actions.   See the following resources for more guidance:  GitHub: tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs   GitHub: Security hardening for GitHub Actions - GitHub Docs  GitHub: tj-actions/changed-files: :octocat: Github action to retrieve all (added, copied, modified, deleted, renamed, type changed, unmerged, unknown) files and directories  StepSecurity: Harden-Runner detection: tj-actions/changed-files action is compromised  Wiz: GitHub Action tj-actions/changed-files supply chain attack  Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.   This alert is provided “as is” for informational purposes only. CISA does not provide any warranties of any kind regarding any information within. CISA does not endorse any commercial product, entity, or service referenced in this alert or otherwise.  ( 2 min )

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

CISA released seven Industrial Control Systems (ICS) advisories on March 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-077-01 Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI) ICSA-25-077-02 Rockwell Automation Lifecycle Services with VMware ICSA-25-077-03 Schneider Electric EcoStruxure Power Automation System ICSA-25-077-04 Schneider Electric EcoStruxure Panel Server ICSA-25-077-05 Schneider Electric ASCO 5310/5350 Remote Annunciator   ICSA-24-352-04 Schneider Electric Modicon (Update A) ICSA-24-291-03 Mitsubishi Electric CNC Series (Update B) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  ( 2 min )

Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa Daisuke Inoue, and Mitsuaki Akiyama: Abstract: In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries. This WEIRD skew may hinder understanding of diverse populations and their cultural differences. The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields. We conducted a literature review to understand the extent to which participant samples in UPS papers were from WEIRD countries and the characteristics of the methodologies and research topics in each user study recruiting Western or non-Western participants. We found that the skew toward WEIRD countries in UPS is greater than that in HCI. Geographic and linguistic barriers in the study methods and recruitment methods may cause researchers to conduct user studies locally. In addition, many papers did not report participant demographics, which could hinder the replication of the reported studies, leading to low reproducibility. To improve geographic diversity, we provide the suggestions including facilitate replication studies, address geographic and linguistic issues of study/recruitment methods, and facilitate research on the topics for non-WEIRD populations...  ( 6 min )

In a cyber twist, attackers behind two of the campaigns are using the apps to redirect users to phishing and malware distribution sites.

The ClickFix attack tactic seems to be gaining traction among threat actors.

No content preview

No content preview

A new threat assessment from the Danish Civil Protection Authority (SAMSIK) warned of cyberattacks targeting the telecommunications sector after citing a wave of incidents hitting European organizations the past few years.

The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.

A ransomware activity wave using the SocGholish MaaS framework for initial access also has affected banking and consulting firms in the US, Taiwan, and Japan since the beginning of the year.

Cybersecurity is not just a technical challenge but also a very human one. The more humans that organizations can get involved, the more diverse perspectives and experiences that can be tapped into.

Inflation, cryptocurrency market volatility, and the ability to invest in defenses all influence the impact and severity of a ransomware attack, according to incident response efforts and ransomware negotiators.

Diego Cebrián discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly use this to bypass authentication checks, such as two-factor authentication, to gain unintended access.  ( 4 min )

USN-7352-1 fixed a vulnerability in FreeType. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update also fixes an additional vulnerability in Ubuntu 14.04 LTS. Original advisory details: It was discovered that FreeType incorrectly handled certain memory operations when parsing font subglyph structures. A remote attacker could use this issue to cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-27363) Additional advisory details: It was discovered that FreeType incorrectly handled certain memory operations during typical execution. An attacker could possibly use this issue to cause FreeType to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2022-27406)  ( 4 min )

Tobias S. Fink discovered that PlantUML was susceptible to cross-site scripting attacks (XSS) in instances where SVG images were rendered. An attacker could possibly use this issue to cause PlantUML to crash, resulting in a denial of service, or the execution of arbitrary code.  ( 4 min )

It was discovered that FreeType incorrectly handled certain memory operations when parsing font subglyph structures. A remote attacker could use this issue to cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.  ( 4 min )

USN-7299-2 fix vulnerabilities in X.Org X Server. This fix caused a regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fix the regression and re-apply the fix for the CVE listed. We apologize for the inconvenience. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these issues to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.  ( 4 min )

Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server. The post Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum appeared first on SecurityWeek.

First choices for both KEMs and DSAs are already standardized, and organizations should not wait for the backups to be available before migrating to PQC.  The post NIST Announces HQC as Fifth Standardized Post Quantum Algorithm appeared first on SecurityWeek.

Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on SecurityWeek.

Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns. The post Microsoft 365 Targeted in New Phishing, Account Takeover Attacks appeared first on SecurityWeek.

The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise. The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek.

Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive.  The post Nvidia Patches Vulnerabilities That Could Let Hackers Exploit AI Services appeared first on SecurityWeek.

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions - Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0-M1 to 9.0.98 It concerns a

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a

Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy. "The features available in CSS allow attackers and spammers to track users' actions and

From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider’s storage security controls and default settings. “In just the past few months, I have witnessed two different methods for

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all

New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.” Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit keys are recommended, there are many standards and real-world applications that use shorter keys. In order to estimate the actual threat imposed by using those short keys, precise estimates for attacks are crucial. In this work we provide optimized implementations of several widely used algorithms on GPUs, leading to interesting insights on the cost of brute force attacks on several real-word applications...  ( 5 min )

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info 1E--1E Client   Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a Windows system to delete arbitrary files on the device by exploiting symbolic links. 2025-03-12 7.8 CVE-2025-1683 274056675--springboot-openai-chatgpt   A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be…  ( 146 min )

The chip maker's Tiber Secure Federated AI service creates a secure tunnel between AI models on remote servers and data sources on origin systems.

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages

A bagpipe and drum band: SQUID transforms traditional Bagpipe and Drum Band entertainment into a multi-sensory rush of excitement, featuring high energy bagpipes, pop music influences and visually stunning percussion! As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.  ( 5 min )

This is a current list of where and when I am scheduled to speak: I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. I’m speaking at the University of Toronto’s Rotman School of Management in Toronto, Canada, on April 3, 2025. The list is maintained on this page.  ( 3 min )

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks. […] Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico...  ( 8 min )

Microsoft detailed a sophisticated campaign that relies on a social engineering technique, "ClickFix," in which a phisher uses security verification like captcha to give the target a false sense of safety.

A pair of researchers plan on detailing effective tools to dig into the effectiveness of vehicle cybersecurity without breaking the bank.

Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.

The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.

President Trump has long complained about perceived threats to election security. Now his DHS has kneecapped the agencies designed to support it. Experts are worried about what comes next.

Healthcare organizations must enhance their cybersecurity arsenal. Doing so can help them prevent financial, compliance, and reputational damage.

Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance.

A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been working as a developer for the ransomware gang from 2019

The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol

Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea’s Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how

Most microsegmentation projects fail before they even get off the ground—too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn’t have to be that way.  Microsegmentation: The Missing Piece in Zero Trust Security  Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats. Perimeter-based defenses alone can no

Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that's designed to monitor a victim's clipboard content and facilitate cryptocurrency theft by substituting copied cryptocurrency wallet addresses

A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It's currently not known who is behind the campaign. The rootkit "has the ability to cloak or mask any file, registry key or task

Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware. The post In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker appeared first on SecurityWeek.

The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment. The post ClickFix Widely Adopted by Cybercriminals, APT Groups appeared first on SecurityWeek.

Russian-Israeli LockBit ransomware developer Rostislav Panev has been extradited from Israel to the United States. The post LockBit Ransomware Developer Extradited to US appeared first on SecurityWeek.

Measure the different level of risk inherent to all gen-AI foundational models and use that to fine-tune the operation of in-house AI deployments. The post New AI Security Tool Helps Organizations Set Trust Zones for Gen-AI Models appeared first on SecurityWeek.

Your guide on how to get through the conference with your sanity, energy, and key performance indicators (KPIs) intact. The post RSA Conference Playbook: Smart Strategies from Seasoned Attendees appeared first on SecurityWeek.

Two Microsoft researchers have devised a new jailbreak method that bypasses the safety mechanisms of most AI systems. The post New CCA Jailbreak Method Works Against Most AI Models appeared first on SecurityWeek.

The newly discovered SuperBlack ransomware has been exploiting two vulnerabilities in Fortinet firewalls. The post Recent Fortinet Vulnerabilities Exploited in ‘SuperBlack’ Ransomware Attacks appeared first on SecurityWeek.

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; (CVE-2024-56672)  ( 4 min )

We are excited to announce the winners of LLMail-Inject, our first Adaptive Prompt Injection Challenge! The challenge ran from December 2024 until February 2025 and was featured as one of the four official competitions of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning (IEEE SaTML). The overall aims of this challenge were to advance the state-of-the-art defenses against indirect prompt injection attacks and to broaden awareness of these new techniques.  ( 10 min )

Researchers discovered an attack chain that uses several layers of obfuscated batch files and PowerShell scripts to deliver an advanced and persistent rootkit.

Medusa developers have been targeting a wide variety of critical infrastructure sectors, from healthcare and technology to manufacturing and insurance, racking up its victim count as it seemingly adds to its numbers of affiliates.

Consumer Reports, Secure Resilient Future Foundation (SRFF), and US Public Interest Research Group (PIRG) have introduced a model bill to increase transparency around when Internet of Things devices no longer have manufacturer support.

Just like with any regular computer, researchers figured out how to crack into, force restart, and upload malware to an aftermarket in-vehicle infotainment system.

The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape.

The new The F5 Application Delivery Controller and Security Platform combines BIG-IP, NGNIX and Distributed Cloud Services and new AI Gateway and AI Assistants.

Researchers from Symantec showed how OpenAI's Operator agent, currently in research preview, can be used to construct a basic phishing attack from start to finish.

Following increasing attacks on healthcare organizations, the United Arab Emirates has refined its regulatory strategy for improving cybersecurity in healthcare.

A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year. The post Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 appeared first on SecurityWeek.

Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.  The post FreeType Zero-Day Being Exploited in the Wild appeared first on SecurityWeek.

Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs. The post Cisco Patches 10 Vulnerabilities in IOS XR appeared first on SecurityWeek.

Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms. The post Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign appeared first on SecurityWeek.

A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering. The post Microsoft Warns of Hospitality Sector Attacks Involving ClickFix appeared first on SecurityWeek.

Researchers have analyzed the ability of the Chinese gen-AI DeepSeek to create malware such as ransomware and keyloggers. The post DeepSeek’s Malware-Generation Capabilities Put to Test appeared first on SecurityWeek.

The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. The post North Korean Hackers Distributed Android Spyware via Google Play appeared first on SecurityWeek.

CISA, FBI, and MS-ISAC warn of Medusa ransomware attacks targeting critical infrastructure organizations. The post Medusa Ransomware Made 300 Critical Infrastructure Victims appeared first on SecurityWeek.

Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM. The post Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution appeared first on SecurityWeek.

2006 AT&T whistleblower Mark Klein has died.  ( 4 min )

Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud and theft. It's

The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allows

As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has become

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font

Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said. "Without updating to Firefox

Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. (CVE-2020-10688) Mirko Selber discovered that RESTEasy improperly validated user input during HTTP response construction. This issue could possibly allow an attacker to cause a denial of service or execute arbitrary code. (CVE-2020-1695) It was discovered that RESTEasy unintentionally disclosed potentially sensitive server information to users during the handling of certain errors. (CVE-2020-25633) It was discovered that RESTEasy unintentionally disclosed parts of its code to users during the handling of certain errors. (CVE-2021-20289) It was discovered that RESTEasy used improper permissions when creating temporary files. An attacker could possibly use this issue to get access to sensitive data. (CVE-2023-0482) It was discovered that RESTEasy improperly handled certain HTTP requests and could be forced into a state in which it can no longer accept incoming connections. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-9622)  ( 4 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Open vSwitch; - Network traffic control; - TIPC protocol; - Wireless networking; (CVE-2024-50171, CVE-2023-52880, CVE-2023-52522, CVE-2024-53104, CVE-2024-41064, CVE-2024-43892, CVE-2024-43900, CVE-2022-48772, CVE-2024-50148, CVE-2024-41063, CVE-2024-44938, CVE-2023-52799, CVE-2023-52818, CVE-2024-50134, CVE-2024-40943, CVE-2024-50117, CVE-2024-26685, CVE-2024-36964, CVE-2024-36952, CVE-2024-53164, CVE-2024-43893, CVE-2024-50229, CVE-2024-42070, CVE-2024-38567, CVE-2024-38558, CVE-2024-40910, CVE-2024-44931, CVE-2024-36886, CVE-2024-35896, CVE-2024-43863, CVE-2024-40911, CVE-2023-52488, CVE-2024-42068, CVE-2024-50233, CVE-2024-49902, CVE-2024-53156, CVE-2024-40981)  ( 5 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; (CVE-2024-56672)  ( 4 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; (CVE-2024-53104)  ( 4 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Network sockets; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Netlink; - TIPC protocol; - Wireless networking; - ALSA framework; (CVE-2024-53156, CVE-2024-40943, CVE-2024-49902, CVE-2023-52488, CVE-2024-50233, CVE-2024-40911, CVE-2022-48994, CVE-2024-40981, CVE-2024-53104, CVE-2024-43900, CVE-2024-44938, CVE-2024-36952, CVE-2023-52799, CVE-2021-47103, CVE-2024-43863, CVE-2024-50171, CVE-2024-43892, CVE-2023-52522, CVE-2021-47606, CVE-2024-50148, CVE-2024-50117, CVE-2024-43893, CVE-2024-38567, CVE-2024-36886, CVE-2024-41064, CVE-2023-52818, CVE-2024-26685, CVE-2024-41063, CVE-2024-43854, CVE-2024-44931, CVE-2024-42068, CVE-2024-40910, CVE-2023-52880, CVE-2024-42070, CVE-2024-36964, CVE-2024-35896)  ( 5 min )

CISA released thirteen Industrial Control Systems (ICS) advisories on March 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-072-01 Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation ICSA-25-072-02 Siemens SINEMA Remote Connect Server ICSA-25-072-03 Siemens SIMATIC S7-1500 TM MFP ICSA-25-072-04 Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP ICSA-25-072-05 Siemens SINAMICS S200 ICSA-25-072-06 Siemens SCALANCE LPE9403 ICSA-25-072-07 Siemens SCALANCE M-800 and SC-600 Families ICSA-25-072-08 Siemens Tecnomatix Plant Simulation ICSA-25-072-09 Siemens OPC UA ICSA-25-072-10 Siemens SINEMA Remote Connect Client ICSA-25-072-11 Siemens SIMATIC IPC Family, ITP1000, and Field PGs ICSA-25-072-12 Sungrow iSolarCloud Android App and WiNet Firmware   ICSMA-25-072-01 Philips Intellispace Cardiovascular (ISCV) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  ( 2 min )

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

Content warning: This blog post contains discussions of sensitive topics. These subjects may be distressing or triggering for some readers. Reader discretion is advised. Today, we are sharing insights on a simple, optimization-free jailbreak method called Context Compliance Attack (CCA), that has proven effective against most leading AI systems. We are disseminating this research to promote awareness and encourage system designers to implement appropriate safeguards.  ( 10 min )

Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called "TinyShell."

The National Institute of Standards and Technology (NIST) has released updated differential privacy guidelines for organizations to follow to protect personally identifiable information when sharing data.

A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says.

The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data.

In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it's being used once more for another botnet campaign with its own malware.

To truly become indispensable in the boardroom, CISOs need to meet the dual demands of defending against sophisticated adversaries while leading resilience strategies.

USN-7343-1 fixed vulnerabilities in Jinja2. The update introduced a regression when attempting to import Jinja2 on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Rafal Krupinski discovered that Jinja2 did not properly restrict the execution of code in situations where templates are used maliciously. An attacker with control over a template's filename and content could potentially use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56201) It was discovered that Jinja2 sandboxed environments could be escaped through a call to a string format method. An attacker could possibly use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56326) It was discovered that Jinja2 sandboxed environments could be escaped through the malicious use of certain filters. An attacker could possibly use this issue to enable the execution of arbitrary code. (CVE-2025-27516)  ( 4 min )

It was discovered that UnRAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333, CVE-2022-48579) It was discovered that UnRAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477) Siddharth Dushantha discovered that UnRAR incorrectly handled ANSI escape sequences when writing screen output. If a user or automated system were tricked into processing a specially crafted RAR archive, a remote attacker could possibly use this issue to spoof screen output or cause a denial of service. (CVE-2024-33899)  ( 4 min )

It was discovered that RAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333) It was discovered that RAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477)  ( 4 min )

It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-4032) It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated. (CVE-2024-9287) It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-11168) It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)  ( 4 min )

USN-7299-2 fix vulnerabilities in X.Org X Server. This fix caused regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update reverts it pending further investigation. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these issues to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.  ( 4 min )

It was discovered that Netatalk did not properly manage memory under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-38439, CVE-2024-38440, CVE-2024-38441)  ( 4 min )

It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42780) It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-42782) It was discovered that OpenSC did not correctly handle the length of certain buffers, which could lead to a out-of-bounds access vulnerability. An attacker could possibly use this is…  ( 6 min )

Israeli startup in the automated security validation space secures a $60 million round led by Evolution Equity Partners. The post Security Validation Firm Pentera Banks $60M Series D   appeared first on SecurityWeek.

China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers. The post Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers appeared first on SecurityWeek.

How hyper agenda-driven threat actors, cybercriminals, and nation-states integrate digital, narrative, and physical attacks to target organizations through their executives. The post Webinar Today: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks appeared first on SecurityWeek.

360 Privacy has raised $36 million in equity investment to scour the surface and dark web for leaked PII and remove it. The post 360 Privacy Raises $36 Million for Digital Executive Protection Platform appeared first on SecurityWeek.

Organizations must recognize that security is not about the number of tools deployed, it is about ensuring those tools effectively disrupt the attack chain at every stage. The post A Guide to Security Investments: The Anatomy of a Cyberattack appeared first on SecurityWeek.

Zoom has patched five vulnerabilities in its applications, including four high-severity flaws. The post Zoom Patches 4 High-Severity Vulnerabilities appeared first on SecurityWeek.

FTC says reported losses to fraud exceeded $12.5 billion in 2024, with $5.7 billion lost to investment scams. The post Fraud Losses Reached $12.5 Billion in 2024: FTC  appeared first on SecurityWeek.

Exploiting trust in the DeepSeek brand, scammers attempt to harvest personal information or steal user credentials. The post Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers appeared first on SecurityWeek.

Dragos case study reveals that Volt Typhoon hacked the US electric grid and stole information on OT systems. The post China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days appeared first on SecurityWeek.

Fortinet has published 17 new advisories to inform customers about 18 vulnerabilities patched in its products. The post Fortinet Patches 18 Vulnerabilities  appeared first on SecurityWeek.

The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. "The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that

Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. "At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts," the company said, adding it observed the activity on March 9, 2025. The countries which

We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Queue the anxiety.  There have been ongoing whispers about what roles would be

Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released joint Cybersecurity Advisory, #StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with known Medusa ransomware activity. Medusa is a ransomware-as-a-service variant used to conduct ransomware attacks; as of December 2024, over 300 victims from critical infrastructure sectors have been impacted. Medusa actors use common techniques like phishing campaigns and exploiting unpatched software vulnerabilities. Immediate actions organizations can take to mitigate Medusa ransomware activity:  Ensure operating systems, software, and firmware are patched and up to date. Segment networks to restrict lateral movement. Filter network traffic by preventing unknown or untrusted origins from accessing remote services. CISA encourages network defenders to review the advisory and implement the recommended mitigations to reduce the likelihood and impact of Medusa ransomware incidents. See #StopRansomware and the #StopRansomware Guide for additional guidance on ransomware protection, detection, and response.  ( 2 min )

Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op: Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have hindered deeper collaboration, including in cyber. Shifting geopolitical dynamics, however, could drive these states toward a more formalized intell-sharing partnership. Such a “Four Eyes” alliance would be motivated by common adversaries and strategic interests, including an enhanced capacity to resist economic sanctions and support proxy conflicts...  ( 5 min )

The number of zero-day vulnerabilities getting patched in Microsoft's March update is the company's second-largest ever.

Plankey has served in numerous cybersecurity positions in the past, including during the first Trump presidency from 2018-2020.

A Libya-linked threat actor has resurfaced attacking the Middle East and North Africa, using the same old political phishing tricks to deliver AsyncRAT that have worked for years.

While deregulation may open opportunities for growth and innovation, it also creates new risks that demand a proactive, accountable approach to security.

Analysts weigh in on how democratizing cybersecurity could benefit organizations, particularly SMBs, as threats increase across the landscape.

An email campaign luring users with offers of free President Trump meme coins can lead to computer takeover via the ConnectWise RAT, in less than 2 minutes.

Zahid TOKAT discovered that .NET suffered from a weak authentication vulnerability. An attacker could possibly use this issue to elevate privileges.  ( 4 min )

Rafal Krupinski discovered that Jinja2 did not properly restrict the execution of code in situations where templates are used maliciously. An attacker with control over a template's filename and content could potentially use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56201) It was discovered that Jinja2 sandboxed environments could be escaped through a call to a string format method. An attacker could possibly use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56326) It was discovered that Jinja2 sandboxed environments could be escaped through the malicious use of certain filters. An attacker could possibly use this issue to enable the execution of arbitrary code. (CVE-2025-27516)  ( 4 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Network sockets; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Netlink; - TIPC protocol; - Wireless networking; - ALSA framework; (CVE-2024-26685, CVE-2024-50233, CVE-2024-41063, CVE-2024-42070, CVE-2024-40910, CVE-2024-40911, CVE-2024-36886, CVE-2024-35896, CVE-2024-43863, CVE-2023-52522, CVE-2024-53156, CVE-2023-52488, CVE-2024-43854, CVE-2024-44938, CVE-2024-53104, CVE-2024-44931, CVE-2024-50171, CVE-2024-43892, CVE-2024-50148, CVE-2024-38567, CVE-2024-36964, CVE-2024-43893, CVE-2024-36952, CVE-2022-48994, CVE-2021-47606, CVE-2023-52818, CVE-2024-41064, CVE-2024-40981, CVE-2024-40943, CVE-2024-42068, CVE-2023-52880, CVE-2021-47103, CVE-2024-43900, CVE-2024-50117, CVE-2023-52799, CVE-2024-49902)  ( 5 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Open vSwitch; - Network traffic control; - TIPC protocol; - Wireless networking; (CVE-2024-50134, CVE-2024-40981, CVE-2022-48772, CVE-2024-43900, CVE-2023-52488, CVE-2024-49902, CVE-2023-52880, CVE-2024-50229, CVE-2024-43892, CVE-2024-42068, CVE-2024-40910, CVE-2024-26685, CVE-2024-43863, CVE-2024-53104, CVE-2024-41064, CVE-2023-52799, CVE-2024-42070, CVE-2024-35896, CVE-2024-44931, CVE-2024-40943, CVE-2024-36952, CVE-2024-38558, CVE-2024-50171, CVE-2023-52522, CVE-2024-36964, CVE-2024-53156, CVE-2024-41063, CVE-2024-50117, CVE-2023-52818, CVE-2024-43893, CVE-2024-50233, CVE-2024-44938, CVE-2024-36886, CVE-2024-38567, CVE-2024-53164, CVE-2024-50148, CVE-2024-40911)  ( 6 min )

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Open vSwitch; - Network traffic control; - TIPC protocol; - Wireless networking; (CVE-2024-36886, CVE-2024-44931, CVE-2024-50117, CVE-2024-35896, CVE-2024-50229, CVE-2024-40981, CVE-2022-48772, CVE-2024-49902, CVE-2024-53164, CVE-2024-41063, CVE-2024-50233, CVE-2024-36952, CVE-2024-43892, CVE-2024-36964, CVE-2024-43900, CVE-2023-52799, CVE-2024-44938, CVE-2024-40910, CVE-2024-26685, CVE-2024-41064, CVE-2024-43863, CVE-2023-52818, CVE-2024-38567, CVE-2024-53156, CVE-2023-52522, CVE-2024-50134, CVE-2024-40911, CVE-2024-40943, CVE-2024-50148, CVE-2024-42068, CVE-2024-53104, CVE-2023-52880, CVE-2024-42070, CVE-2024-38558, CVE-2023-52488, CVE-2024-43893, CVE-2024-50171)  ( 5 min )

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041) Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2024-32458, CVE-2024-32460) It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2024-32661)  ( 4 min )

It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS. (CVE-2017-12166) Reynir Björnsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service. (CVE-2024-5594)  ( 4 min )

Andy Boothe discovered that the Networking component of CRaC JDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208) It was discovered that the Hotspot component of CRaC JDK 17 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235) It was discovered that the Serialization component of CRaC JDK 17 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217) It was discovered that the Hotspot component of CRaC JDK 17 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2025-21502) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2024-10-15 https://openjdk.org/groups/vulnerability/advisories/2025-01-21  ( 4 min )

Andy Boothe discovered that the Networking component of CRaC JDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208) It was discovered that the Hotspot component of CRaC JDK 21 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235) It was discovered that the Serialization component of CRaC JDK 21 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217) It was discovered that the Hotspot component of CRaC JDK 21 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2025-21502) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2024-10-15 https://openjdk.org/groups/vulnerability/advisories/2025-01-21  ( 4 min )

Apple warns that the WebKIt bug "may have been exploited in an extremely sophisticated attack against specific targeted individuals.” The post Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw appeared first on SecurityWeek.

Redmond ships major security updates with warnings that a half-dozen Windows vulnerabilities have already been exploited in the wild. The post Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday appeared first on SecurityWeek.

Adobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications. The post Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader appeared first on SecurityWeek.

Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices. The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek.

Cato Networks has analyzed a new IoT botnet named Ballista, which targets TP-Link Archer routers.   The post New Ballista IoT Botnet Linked to Italian Threat Actor appeared first on SecurityWeek.

The New York Attorney General sued National General and its parent company Allstate over two data breaches. The post New York Sues Insurance Giant Over Data Breaches appeared first on SecurityWeek.

SAP released 21 new security notes and updated three security notes on March 2025 security patch day. The post SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver appeared first on SecurityWeek.

Edimax is aware that CVE-2025-1316 has been exploited in the wild, but the impacted devices were discontinued over a decade ago. The post Edimax Says No Patches Coming for Zero-Day Exploited by Botnets appeared first on SecurityWeek.

The financing was provided by S Capital and investor Mike Moritz, S32, Glilot Capital Partners, and several angel investors. The post Sola Security Deposits Hefty $30M Seed Funding appeared first on SecurityWeek.

South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign. The post 1,600 Victims Hit by South American APT’s Malware appeared first on SecurityWeek.

Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other alleged hackers who are said to be part of the Chinese hacker group APT27, or Silk Typhoon, which prosecutors say was involved in the US Treasury breach late last year. […] According to prosecutors, the group as a whole has targeted US state and federal agencies, foreign ministries of countries across Asia, Chinese dissidents, US-based media outlets that have criticized the Chinese government, and most recently the US Treasury, which was breached between September and December of last year. An internal Treasury report ...  ( 4 min )

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint advisory to disseminate known Medusa ransomware TTPs and IOC…  ( 15 min )

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected during one of

Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with

In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned, “Strategy without tactics is

Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace. This is steganography, a cybercriminal’s secret weapon for

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. "Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore

CISA released two Industrial Control Systems (ICS) advisories on March 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-070-01 Schneider Electric Uni-Telway Driver ICSA-25-070-02 Optigo Networks Visual BACnet Capture Tool/Optigo Visual Networks Capture Tool CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  ( 2 min )

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability CVE-2025-24984 Microsoft Windows NTFS Information Disclosure Vulnerability CVE-2025-24985 Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability CVE-2025-24991 Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability CVE-2025-24993 Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability CVE-2025-26633 Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

Elon Musk claimed that the social media platform X was being targeted in a “massive cyberattack" that impacted availability. The post Elon Musk Claims X Being Targeted in ‘Massive Cyberattack’ as Service Goes Down appeared first on SecurityWeek.

Binance is being spoofed in an email campaign using free TRUMP Coins as a lure leading to the installation of the ConnectWise RAT. The post Trump Coins Used as Lure in Malware Campaign appeared first on SecurityWeek.

Palo Alto Networks has shared details on several high-severity Mitsubishi Electric and Iconics SCADA vulnerabilities. The post Details Disclosed for SCADA Flaws That Could Facilitate Industrial Attacks appeared first on SecurityWeek.

Fortra has shared an update on the effects of actions taken to reduce the abuse of Cobalt Strike by threat actors. The post Cobalt Strike Abuse Dropped 80% in Two Years appeared first on SecurityWeek.

Davis Lu was convicted of sabotaging his employer’s systems through malicious code, and deleting encrypted data. The post Developer Convicted for Hacking Former Employer’s Systems appeared first on SecurityWeek.

In 2024, Google paid out nearly $12 million in bug bounties through its revamped vulnerability reward programs. The post Google Paid Out $12 Million via Bug Bounty Programs in 2024 appeared first on SecurityWeek.

GreyNoise warns of mass exploitation of a critical vulnerability in PHP leading to remote code execution on vulnerable servers. The post Critical PHP Vulnerability Under Mass Exploitation appeared first on SecurityWeek.

Several healthcare organizations in different US states have disclosed data breaches affecting 100,000-200,000 individuals.  The post 560,000 People Impacted Across Four Healthcare Data Breaches appeared first on SecurityWeek.

The likely India-based threat group is also targeting logistics companies in a continued expansion of its activities.

The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories.

The South American-based advanced persistent threat group is using an exploit with a "high infection rate," according to research from Check Point.

Clandestine kill switch was designed to lock out other users if the developer's account in the company's Windows Active Directory was ever disabled.

In the battle against two-minute micro-attacks that can knock out critical communication services, the difference between success and failure can literally come down to seconds.

Microsoft has identified a complex, malvertising-based attack chain that delivered Lumma and other infostealers to enterprise and consumer PC users; the campaign is unlikely the last of its kind.

Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely convincing for victims to believe that they are providing credentials to

The Middle East and North Africa have become the target of a new campaign that delivers a modified version of a known malware called AsyncRAT since September 2024. "The campaign, which leverages social media to distribute malware, is tied to the region's current geopolitical climate," Positive Technologies researchers Klimentiy Galkin and Stanislav Pyzhov said in an analysis published last week.

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different

Cyber threats today don't just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our

A new mass malware campaign is infecting users with a cryptocurrency miner named SilentCryptoMiner by masquerading it as a tool designed to circumvent internet blocks and restrictions around online services. Russian cybersecurity company Kaspersky said the activity is part of a larger trend where cybercriminals are increasingly leveraging Windows Packet Divert (WPD) tools to distribute malware

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info n/a--n/a   Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. 2025-03-04 10 CVE-2024-50704 n/a--n/a   Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. 2025-03-04 10 CVE-2024-50707 NotFound--Ark Theme Core   Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core allows Code Injection. This issue affects Ark Theme Core: from n/a through 1.70.0. 2025-03-03 10 CVE-2025-26970 luce…  ( 163 min )

It was discovered that LibreOffice incorrectly handled Office URI Schemes. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to call internal macros.  ( 4 min )

USN-7299-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these issues to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.  ( 4 min )

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability CVE-2024-13159 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability CVE-2024-13160 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability CVE-2024-13161 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.  ( 2 min )

The malware includes four separate backdoors: Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before. Which introduces another type of attack made possibly by abusing websites that don’t monitor 3rd party dependencies in the browser of their users. The four backdoors: The functions of the four backdoors are explained below: Backdoor 1, which uploads and installs a fake plugin named “Ultra SEO Processor,” which is then used to execute attacker-issued commands ...  ( 9 min )

Squid is a loyalty card platform in Ireland. Blog moderation policy.  ( 3 min )

The EFF has created an open-source hardware tool to detect IMSI catchers: fake cell phone towers that are used for mass surveillance of an area. It runs on a $20 mobile hotspot.  ( 7 min )

The group is using the Medusa malware and taking up space once held by other notable ransomware groups like LockBot, increasing its victim list to 400 and demanding astoundingly high ransoms.

Manufacturers and infrastructure providers are gaining options to satisfy regulations and boost cyber safety for embedded and industrial control systems, as EMB3D, STRIDE, and ATT&CK for ICS gain traction.

With hundreds of artificial intelligence models found harboring malicious code, cybersecurity firms are releasing technology to help companies manage their AI development and deployment efforts.

Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers' most prized attack tools, with massive takedowns.

More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.

The pair found a loophole through StubHub's services, allowing them to steal tickets and resell them for personal profit, amassing hundreds of thousands of dollars.

Businesses have a responsibility to safeguard their workforce, which is best achieved by preparing and equipping the whole organization to better face these worst-case cyber scenarios.

The PC Security Stack Mappings project improves the security posture of corporate PCs by aligning each of the security features found in vPro PC and Core Ultra chips with the techniques described in MITRE's ATT&CK.

Armis will integrate Otorio's Titan platform with its cloud-based Centrix, bringing an on-premises option to the cloud-only offering.

Two men linked to Garantex are accused of facilitating multi-billion dollar money laundering and sanctions violations. The post US Seize Garantex in Cryptocurrency Money Laundering Bust appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Google discloses AMD CPU flaw named EntrySign, ISPs in the US and China targeted in massive attack, ENISA report on NIS2 Directive. The post In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report appeared first on SecurityWeek.

Multiple Mirai-based botnets are exploiting CVE-2025-1316, an Edimax IP camera vulnerability that allows remote command execution. The post Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets appeared first on SecurityWeek.

An extortion group has been sending physical mail to corporate executives, threatening to leak their data unless a ransom is paid. The post FBI: Fake Ransomware Attack Claims Sent to US Executives via Snail Mail  appeared first on SecurityWeek.

Microsoft has uncovered a malvertising campaign that redirected users to information stealers hosted on GitHub. The post Microsoft Says One Million Devices Impacted by Infostealer Campaign  appeared first on SecurityWeek.

National Presto Industries says a cyberattack has resulted in a system outage and operational disruptions. The post Cyberattack Disrupts National Presto Industries Operations appeared first on SecurityWeek.

NTT Communications Corporation has disclosed a data breach impacting the information of nearly 18,000 customer organizations. The post 18,000 Organizations Impacted by NTT Com Data Breach appeared first on SecurityWeek.

Dozens of schools and thousands of individuals are impacted by a data breach resulting from a ransomware attack on Carruth Compliance Consulting. The post Many Schools Report Data Breach After Retirement Services Firm Hit by Ransomware appeared first on SecurityWeek.

Google Cloud’s AI Protection helps discover AI inventory, secure AI assets, and manage threats with detect, investigate, and respond capabilities. The post New AI Protection from Google Cloud Tackles AI Risks, Threats, and Compliance appeared first on SecurityWeek.

The number of Medusa ransomware attacks observed in the first two months of 2025 doubled compared to the same period last year. The post Medusa Ransomware Attacks Increase appeared first on SecurityWeek.

The transaction is valued in the range of $120 million and gives Armis an on-premises CPS solution The post Armis Acquires Otorio to Expand OT and CPS Security Suite appeared first on SecurityWeek.

Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," Swiss

Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker used for a set of threat actors

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You’re not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That’s why we’re excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both

Access on-demand webinar here Avoid a $100,000/month Compliance Disaster March 31, 2025: The Clock is Ticking. What if a single overlooked script could cost your business $100,000 per month in non-compliance fines? PCI DSS v4 is coming, and businesses handling payment card data must be prepared. Beyond fines, non-compliance exposes businesses to web skimming, third-party script attacks, and

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no longer available for download from the official registry. "Disguised as a simple utility for Python

A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex ("garantex[.]org"), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022. "The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney's

Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; (CVE-2024-53104)  ( 4 min )

Is EncryptHub the most prolific cybercriminal in recent history? Or, as new information suggests, a bumbling amateur?

The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon "secret" APT and APT27, the latter implicated in January's Treasury breach.

Many women are finding that they are unhappy in their cybersecurity roles, largely due to the layoffs their companies are experiencing, cutbacks, and return to in-office work policies.

Recently, 57 countries signed an agreement pledging an "open" and "inclusive" approach to AI's development. The US and UK were not among them, with the US vice president implying productivity should be the priority over safety. Should the opportunity for AI to drive innovation and productivity be prioritized over safety and security?

The Cybersecurity and Infrastructure Security Agency's role in risk management needs to expand, not shrink.

YouTube creators are being targeted by scammers seeking out their credentials, using deepfake tactics to lure them in with a false sense of legitimacy.

Cybercriminals are ramping up their efforts in the Kingdom and targeting more than just petroleum firms; now, they're aiming for Middle East organizations in the IT, government, construction, and real estate sectors too.

As CISOs take a seat at the boardroom table, the focus shifts from stacking security tools to driving accountability, efficiency, and strategic risk management.

The threat actor, of unknown origin, is deploying a proprietary backdoor malware known as "Sagerunex" against critical infrastructure in Hong Kong, Philippines, Taiwan, and Vietnam.

The $1.4 billion ByBit cryptocurrency heist combined social engineering, stolen AWS session tokens, MFA bypasses and a rigged JavaScript file. The post How Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist appeared first on SecurityWeek.

The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP). The post House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies appeared first on SecurityWeek.

Matthew Akande was extradited to the US to face charges for his role in hacking into Massachusetts tax preparation firms’ networks. The post Nigerian Accused of Hacking Tax Preparation Firms Extradited to US appeared first on SecurityWeek.

A group of financial organizations is asking CISA to rescind and reissue its proposed implementation of CIRCIA. The post Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation appeared first on SecurityWeek.

A second iteration of the BadBox botnet that affected over one million Android devices has been partially disrupted. The post BadBox Botnet Powered by 1 Million Android Devices Disrupted appeared first on SecurityWeek.

AIceberg has launched a solution that helps governments and enterprises with the safe, secure and compliant adoption of AI.  The post AIceberg Gets $10 Million in Seed Funding for AI Security Platform appeared first on SecurityWeek.

Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days. The post Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks appeared first on SecurityWeek.

Michael Vaughan discovered an overflow vulnerability in GNU Chess that occurs when reading a specially crafted Portable Game Notation (PGN) file. An attacker could possibly use this issue to cause GNU Chess to crash, resulting in a denial of service, or the execution of arbitrary code.  ( 4 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Networking core; (CVE-2024-56672, CVE-2024-56658)  ( 4 min )

It was discovered that Django incorrectly handled text wrapping. An attacker could possibly use this issue to cause a denial of service.  ( 4 min )

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2025-1933, CVE-2025-1934, CVE-2025-1935, CVE-2025-1936, CVE-2025-1937, CVE-2025-1942) It was discovered that Firefox did not properly handle WebTransport connection, leading to a use-after-free vulnerability. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2025-1931) Ivan Fratric discovered that Firefox did not properly handle XSLT sorting, leading to a out-of-bounds access vulnerability. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-1932)  ( 4 min )

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution. "Prototype pollution in Kibana leads to

The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT. "EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions," Outpost24 KrakenLabs said in a new report shared with The

Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment. This is where attack graphs come in. By mapping potential attack paths

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter Team said in a report shared with The Hacker News. The

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served via cdn.csyndication[

The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun

Interesting article—with photos!—of the US/UK “Combined Cipher Machine” from WWII.  ( 6 min )

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitive information unless payment is received.  CISA encourages organizations to review the following FBI Public Service Announcement for more information: Mail Scam Targeting Corporate Executives Claims Ties to Ransomware Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.  ( 2 min )

CISA released three Industrial Control Systems (ICS) advisories on March 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-065-01 Hitachi Energy PCU400 ICSA-25-065-02 Hitachi Energy Relion 670/650/SAM600-IO   ICSA-25-037-02 Schneider Electric EcoStruxure (Update A)   CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.  ( 2 min )

The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft.

The new cloud security startup uses AI to scan cloud applications and systems for issues before they are deployed.

The chipmakers patched bugs, mostly critical and high severity, that affect everything from smartphones to TVs to artificial intelligence platforms.

The Iran-linked nation-state group made its debut with a stealthy, sophisticated, and laser-focused cyber-espionage attack on targets in UAE.

The letters mimic typical ransom notes and threaten to delete or leak compromised data if payments aren't made, though none of the organizations that received them had active ransomware attacks.

Many CISOs are weighing the benefits of going virtual as a consultant. Can the pendulum swing in the other direction?

The future of the formerly fearsome cybercriminal group remains uncertain as key members have moved to a new affiliation, in fresh attacks that use novel persistence malware BackConnect.

It was discovered that Ansible did not properly verify certain fields of X.509 certificates. An attacker could possibly use this issue to spoof SSL servers if they were able to intercept network communications. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908) Martin Carpenter discovered that certain connection plugins for Ansible did not properly restrict users. An attacker with local access could possibly use this issue to escape a restricted environment via symbolic links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240) Robin Schneider discovered that Ansible's apt_key module did not properly verify key fingerprints. A remote attacker could possibly use this issue to perform key injection, leading to the access of sensitive information. This issue only affec…  ( 5 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - ALSA framework; (CVE-2023-52880, CVE-2024-43900, CVE-2024-36964, CVE-2024-50233, CVE-2022-48994)  ( 4 min )

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Network sockets; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Netlink; - TIPC protocol; - Wireless networking; - ALSA framework; (CVE-2022-48994, CVE-2024-43900, CVE-2024-40943, CVE-2024-41063, CVE-2024-42070, CVE-2024-38567, CVE-2024-36964, CVE-2023-52522, CVE-2024-53156, CVE-2024-53104, CVE-2024-43854, CVE-2024-42068, CVE-2023-52818, CVE-2024-44931, CVE-2021-47103, CVE-2023-52799, CVE-2024-43893, CVE-2024-36886, CVE-2024-49902, CVE-2024-36952, CVE-2024-40911, CVE-2023-52488, CVE-2024-35896, CVE-2024-50117, CVE-2024-50171, CVE-2021-47606, CVE-2024-40910, CVE-2024-43892, CVE-2024-50148, CVE-2024-41064, CVE-2024-44938, CVE-2024-50233, CVE-2023-52880, CVE-2024-43863, CVE-2024-26685, CVE-2024-40981)  ( 5 min )

It was discovered that Redis incorrectly handled certain memory operations during pattern matching. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-31228) It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-46981) It was discovered that Redis incorrectly handled some malformed ACL selectors. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.10 and Ubuntu 24.04 LTS. (CVE-2024-51741)  ( 4 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Block layer subsystem; - ACPI drivers; - GPU drivers; - HID subsystem; - I2C subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - Multiple devices driver; - Media drivers; - Network d…  ( 5 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Network drivers; (CVE-2024-50274, CVE-2024-53064, CVE-2024-56672)  ( 4 min )

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; (CVE-2024-56672)  ( 4 min )

A security issues was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; (CVE-2024-56672)  ( 4 min )

i-Soon employees charged with conducting extensive hacking campaigns on behalf of Beijing’s security services. The post US Indicts China’s iSoon ‘Hackers-for-Hire’ Operatives  appeared first on SecurityWeek.

Cyber-physical systems security company TXOne Networks has published its 2024 Annual OT/ICS Cybersecurity Report. The post Organizations Still Not Patching OT Due to Disruption Concerns: Survey appeared first on SecurityWeek.

SpecterOps has raised an unusually large $75 million Series B funding round to accelerate the growth of its BloodHound Enterprise platform.  The post SpecterOps Scores $75M Series B to Scale BloodHound Enterprise Platform  appeared first on SecurityWeek.

Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks. The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain appeared first on SecurityWeek.

An Iranian threat actor was seen targeting UAE organizations with polyglot files to deliver a new backdoor named Sosano. The post Iranian Hackers Target UAE Firms With Polyglot Files appeared first on SecurityWeek.

The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking

USB drive attacks constitute a significant cybersecurity risk, taking advantage of the everyday use of USB devices to deliver malware and circumvent traditional network security measures. These attacks lead to data breaches, financial losses, and operational disruptions, with lasting impacts on an organization's reputation. An example is the Stuxnet worm discovered in 2010, a malware designed to