Latest Cybersecurity News and Articles
10 June 2025
Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM).
Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23.
"Successful
10 June 2025
Redmond warns that external control of a file name or path in WebDAV "allows an unauthorized attacker to execute code over a network."
The post Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’ appeared first on SecurityWeek.
10 June 2025
Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data to unauthorized internal and external parties.
The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions.
"Low-code platforms such as
10 June 2025
The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware family called More_eggs.
"By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before delivering phishing messages that lead to malware," the
10 June 2025
A new executive order from the Trump Administration rewrites cybersecurity policy, and security leaders are sharing their thoughts.
10 June 2025
Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via fraudulent gaming websites.
"Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background," Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan
10 June 2025
The Texas Department of Transportation has disclosed a data breach impacting the personal information included in 300,000 crash reports.
The post Hackers Stole 300,000 Crash Reports From Texas Department of Transportation appeared first on SecurityWeek.
10 June 2025
Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation.
The post Swimlane Raises $45 Million for Security Automation Platform appeared first on SecurityWeek.
10 June 2025
Security researchers uncover critical flaws and widespread misconfigurations in Salesforce’s industry-specific CRM solutions.
The post Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud appeared first on SecurityWeek.
10 June 2025
Research reveals 6 widely used Google Chrome extensions unintentionally transmit user data over simple HTTP.
10 June 2025
SAP has fixed a critical NetWeaver vulnerability allowing attackers to bypass authorization checks and escalate their privileges.
The post Critical Vulnerability Patched in SAP NetWeaver appeared first on SecurityWeek.
10 June 2025
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks to an
10 June 2025
Sensor manufacturer Sensata said a ransomware group had access to its network for more than a week and stole personal information.
The post Sensitive Information Stolen in Sensata Ransomware Attack appeared first on SecurityWeek.
10 June 2025
Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing users to privacy and security risks.
The issue, according to Singaporean security researcher "brutecat," leverages an issue in the company's account recovery feature.
That said, exploiting the vulnerability hinges on several moving parts,
10 June 2025
Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released.
The post Exploited Vulnerability Impacts Over 80,000 Roundcube Servers appeared first on SecurityWeek.
10 June 2025
Google has awarded $5,000 to a researcher who found security holes that enabled brute-forcing the phone number of any user.
The post Vulnerabilities Exposed Phone Number of Any Google User appeared first on SecurityWeek.
10 June 2025
The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries.
"A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries," Kaspersky said. "The malicious functionality of the campaign
10 June 2025
United Natural Foods has taken some systems offline after detecting unauthorized activity on its IT systems, causing disruptions to operations.
The post Whole Foods Distributor United Natural Foods Hit by Cyberattack appeared first on SecurityWeek.
10 June 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below -
CVE-2025-32433 (CVSS score: 10.0) - A missing authentication for a critical
09 June 2025
Foreign hackers have increasingly identified smartphones, other mobile devices and the apps they use as a weak link in U.S. cyberdefenses.
The post Chinese Hackers and User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’ appeared first on SecurityWeek.