Latest Cybersecurity News and Articles
14 May 2025
More than 3 million records of student-athletes and college coaches were exposed in an unencrypted, non-password-protected database.
14 May 2025
Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.
The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0.
"A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to
14 May 2025
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained in attacks to gain remote code execution.
The vulnerabilities in question are listed below -
CVE-2025-4427 (CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials
13 May 2025
Adobe Patch Tuesday headlined by a major Adobe ColdFusion update patching a wide swath of code execution and privilege escalation attacks.
The post Adobe Patches Big Batch of Critical-Severity Software Flaws appeared first on SecurityWeek.
13 May 2025
The tech giant didn’t disclose the total number of lost jobs, but it will amount to about 6,000 people.
The post Microsoft to Lay Off About 3% of Its Workforce appeared first on SecurityWeek.
13 May 2025
Patch Tuesday: Microsoft patches at least 70 security bugs and flags five zero-days in the “exploitation detected” category.
The post Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday appeared first on SecurityWeek.
13 May 2025
A SAP Security Analyst digs into the most recent SAP Patch Day updates.
13 May 2025
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks.
"Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today.
Targets of the campaign
13 May 2025
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets.
The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first
13 May 2025
CTI, digital brand protection and other cyber risk initiatives shouldn’t only be utilized by security and cyber teams.
The post Sharing Intelligence Beyond CTI Teams, Across Wider Functions and Departments appeared first on SecurityWeek.
13 May 2025
SAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability.
The post SAP Patches Another Critical NetWeaver Vulnerability appeared first on SecurityWeek.
13 May 2025
The Radware Cloud WAF product vulnerabilities disclosed by CERT/CC were addressed two years ago.
The post Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023 appeared first on SecurityWeek.
13 May 2025
As the era of quantum computing approaches, many organizations still experience gaps in preparedness.
13 May 2025
Marks & Spencer has confirmed that personal information was stolen in a recent cyberattack claimed by a ransomware group.
The post Marks & Spencer Says Data Stolen in Ransomware Attack appeared first on SecurityWeek.
13 May 2025
The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale.
Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them.
The Most Powerful Person on the
13 May 2025
A Turkey-affiliated espionage group has exploited a zero-day vulnerability in Output Messenger since April 2024.
The post Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying appeared first on SecurityWeek.
13 May 2025
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia.
Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the "trajectory of the Russian invasion."
"The group's interest in Ukraine follows historical targeting
13 May 2025
A 45-year-old individual was arrested in Moldova for his suspected involvement in DoppelPaymer ransomware attacks.
The post Suspected DoppelPaymer Ransomware Group Member Arrested appeared first on SecurityWeek.
13 May 2025
Orca positioned the deal as an expansion of its capabilities into the realm of AI-based autonomous remediation and prevention.
The post Orca Snaps Up Opus in Cloud Security Automation Push appeared first on SecurityWeek.
13 May 2025
An information exposure flaw in TeleMessage has been added to CISA’s Known Exploited Vulnerabilities catalog.
The post CISA Warns of Flaw in TeleMessage App Used by Ex-National Security Advisor appeared first on SecurityWeek.