Latest Cybersecurity News and Articles
04 April 2025
There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world's attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the innovation's potential. These use cases generate significant value, fueling demand for the next iteration of
04 April 2025
Oracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident.
The post Oracle Confirms Cloud Hack appeared first on SecurityWeek.
04 April 2025
A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.
The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.
04 April 2025
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on SecurityWeek.
04 April 2025
Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems.
"A stack-based buffer overflow in Ivanti Connect
04 April 2025
A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations.
The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service.
The threat intelligence firm said it
04 April 2025
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data.
The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing to legitimate
03 April 2025
A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances.
Apache Parquet is a free and open-source columnar data file format that's designed for efficient data processing and retrieval, providing support for complex data, high-performance
03 April 2025
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials.
"These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a report shared with The
03 April 2025
Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits.
The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances appeared first on SecurityWeek.
03 April 2025
An unauthenticated SQL injection vulnerability in Halo ITSM could have been exploited to read, modify, or insert data.
The post Halo ITSM Vulnerability Exposed Organizations to Remote Hacking appeared first on SecurityWeek.
03 April 2025
The notorious cybercrime group Hunters International is dropping ransomware to focus on data theft and extortion.
The post Hunters International Ransomware Gang Rebranding, Shifting Focus appeared first on SecurityWeek.
03 April 2025
The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems.
The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by
03 April 2025
Less than two dozen cybersecurity merger and acquisition (M&A) deals were announced in March 2025.
The post Cybersecurity M&A Roundup: 23 Deals Announced in March 2025 appeared first on SecurityWeek.
03 April 2025
The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it's also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed.
And here's the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind.
But you’re not alone—and
03 April 2025
GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.
The post 39 Million Secrets Leaked on GitHub in 2024 appeared first on SecurityWeek.
03 April 2025
AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles.
Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security
03 April 2025
Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’.
The post Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability appeared first on SecurityWeek.
03 April 2025
Cisco fixes two high-severity denial-of-service vulnerabilities in Meraki devices and Enterprise Chat and Email.
The post Vulnerabilities Expose Cisco Meraki and ECE Products to DoS Attacks appeared first on SecurityWeek.
03 April 2025
Google’s patches for Quick Share for Windows vulnerabilities leading to remote code execution were incomplete and could be easily bypassed.
The post Google Released Second Fix for Quick Share Flaws After Patch Bypass appeared first on SecurityWeek.