Latest Cybersecurity News and Articles
12 February 2025
Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild.
Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge
12 February 2025
Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution.
The list of vulnerabilities is below -
CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy
11 February 2025
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.
11 February 2025
On the eve of the Munich Security Conference, Google argues that the cybercriminal threat should be treated as a national security threat like state-backed hacking groups.
The post Cybercrime Threatens National Security, Google Threat Intel Team Says appeared first on SecurityWeek.
11 February 2025
The Microsoft Patch Tuesday machine hummed loudly this month urgent fixes for a pair of already-exploited Windows zero-days.
The post Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day appeared first on SecurityWeek.
11 February 2025
Patch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warn of remote code execution exploitation risks.
The post Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks appeared first on SecurityWeek.
11 February 2025
Russia-based bulletproof hosting services provider Zservers was sanctioned for providing services to support LockBit ransomware operations.
The post Russian Cybercrime Network Targeted for Sanctions Across US, UK and Australia appeared first on SecurityWeek.
11 February 2025
OpenSSL has patched CVE-2024-12797, a high-severity vulnerability found by Apple that can allow man-in-the-middle attacks.
The post High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks appeared first on SecurityWeek.
11 February 2025
SAP has released 19 new and two updated security notes on its February 2025 patch day, including six notes for high-severity vulnerabilities.
The post SAP Releases 21 Security Patches appeared first on SecurityWeek.
11 February 2025
Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content.
"Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for
11 February 2025
Threat actors are exploiting exposed ASP.NET keys to deploy malware.
11 February 2025
A recent U.K. cybersecurity report found that 93% of companies were targeted by fraud in the past year, with 73% expecting risks to grow in 2025.
11 February 2025
Law enforcement agencies take down the 8Base ransomware group’s infrastructure, arrest four Russian operators.
The post Authorities Disrupt 8Base Ransomware, Arrest Four Russian Operators appeared first on SecurityWeek.
11 February 2025
Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it’s undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels
11 February 2025
Intel says roughly 100 of the 374 vulnerabilities it patched last year were firmware and hardware security defects.
The post Intel Patched 374 Vulnerabilities in 2024 appeared first on SecurityWeek.
11 February 2025
Dozens of local newspapers owned by media company Lee Enterprises experienced disruptions as a result of a cyberattack.
The post Cyberattack on Lee Enterprises Causes Disruptions at Dozens of Newspapers appeared first on SecurityWeek.
11 February 2025
Eric Council Jr. pleaded guilty to hacking the X (formerly Twitter) account of the US Securities and Exchange Commission.
The post Alabama Man Pleads Guilty to Hacking SEC’s X Account appeared first on SecurityWeek.
11 February 2025
Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system.
Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical
11 February 2025
Staffers at the nation’s cybersecurity agency whose job is to ensure the security of US elections have been placed on administrative leave.
The post US Cyber Agency Puts Election Security Staffers Who Worked With the States on Leave appeared first on SecurityWeek.
11 February 2025
Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS