Latest Cybersecurity News and Articles
06 May 2025
Threat actors are revisiting SAP NetWeaver instances to leverage webshells deployed via a recent zero-day vulnerability.
The post Second Wave of Attacks Hitting SAP NetWeaver After Zero-Day Compromise appeared first on SecurityWeek.
06 May 2025
Rami Khaled Ahmed, a 36-year-old from Yemen, has been charged for launching ransomware attacks between 2021 and 2023.
The post US Charges Yemeni Man for Black Kingdom Ransomware Attacks appeared first on SecurityWeek.
06 May 2025
Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published.
The post Samsung MagicINFO Vulnerability Exploited Days After PoC Publication appeared first on SecurityWeek.
06 May 2025
It wasn't ransomware headlines or zero-day exploits that stood out most in this year's Verizon 2025 Data Breach Investigations Report (DBIR) — it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse.
According to the 2025 DBIR, third-party involvement in breaches doubled
06 May 2025
CISA warns organizations that threat actors are exploiting a critical-severity vulnerability in low-code AI builder Langflow.
The post Critical Vulnerability in AI Builder Langflow Under Attack appeared first on SecurityWeek.
06 May 2025
Misconfigured Apache Pinot instances can and have enabled threat actors to gain access to sensitive information.
The post Microsoft Warns of Attackers Exploiting Misconfigured Apache Pinot Installations appeared first on SecurityWeek.
06 May 2025
Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data.
"While these 'plug-and-play' options greatly simplify the setup process, they often prioritize ease of use over security," Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team
06 May 2025
Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments.
That prominence also
06 May 2025
New report warns that organisations unable to defend AI-enabled threats are exposed to greater cyber risk.
06 May 2025
Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.
The post Android Update Patches FreeType Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
06 May 2025
Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild.
The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges.
"The most severe of
06 May 2025
Harrods experienced a cyberattack, and cybersecurity leaders are sharing their insights.
06 May 2025
A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation.
The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0.
"Langflow contains a missing
05 May 2025
Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology.
The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo.
"These vulnerabilities can be chained by
05 May 2025
Most organizations are unprepared for the era of quantum computing.
05 May 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed.
The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions
05 May 2025
The proposed $491 million cut is being positioned as a “refocusing”of CISA on its core mission “while eliminating weaponization and waste.”
The post White House Proposal Slashes Half-Billion from CISA Budget appeared first on SecurityWeek.
05 May 2025
The new investment values Doppel at $205 million and provides runway to meet enterprise demand for AI-powered threat detection tools.
The post Doppel Banks $35M for AI-Based Digital Risk Protection appeared first on SecurityWeek.
05 May 2025
Kelly Benefits has determined that the impact of the recently disclosed data breach is much bigger than initially believed.
The post Kelly Benefits Data Breach Impact Grows to 400,000 Individuals appeared first on SecurityWeek.
05 May 2025
CISA has flagged a critical-severity Commvault vulnerability as exploited one week after technical details were released.
The post Critical Commvault Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.