Stay Updated with the Latest Tech News
Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
Browse by Category
Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments
Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports. The list of vulnerabilities is as follows -
Published on: June 17, 2025 | Source:
Share on Facebook
Share in Tweet (rip twitter)
Share on LinkedIn
Share on Reddit
Share on Threads
Share on Bluesky
Backups Are Under Attack: How to Protect Your Backups
Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Todayβs ransomware attacks initially target your last line of defense β your backup infrastructure. Before locking up your production environment, cybercriminals go after your backups to cripple your ability to recover, increasing the odds of a ransom payout.
Published on: June 17, 2025 | Source:Asus Armoury Crate Vulnerability Leads to Full System Compromise
A high-severity authorization bypass vulnerability in Asus Armoury Crate provides attackers with low-level system privileges. The post Asus Armoury Crate Vulnerability Leads to Full System Compromise appeared first on SecurityWeek.
Published on: June 17, 2025 | Source:New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware," Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed
Published on: June 17, 2025 | Source:TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when
Published on: June 17, 2025 | Source:Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind." The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are "rolling out gradually," per the company. The social
Published on: June 17, 2025 | Source:Malicious Chimera Turns Larcenous on Python Package Index
Unlike typical data-stealing malware, this attack tool targets data specific to corporate and cloud infrastructures in order to execute supply chain attacks.
Published on: June 16, 2025 | Source:Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry
Multiple U.S.-based companies in the insurance sector have already been hit over the past week and a half, according to Mandiant. The post Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry appeared first on CyberScoop.
Published on: June 16, 2025 | Source:How to Break the Security Theater Illusion
When security becomes a performance, the fallout isn't just technical. It's organizational.
Published on: June 16, 2025 | Source:Anubis Ransomware-as-a-Service Kit Adds Data Wiper
The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said.
Published on: June 16, 2025 | Source:Washington Post Staffer Emails Targeted in Cyber Breach
Journalists' Microsoft accounts were breached, which would have given attackers access to emails of staff reporters covering national security, economic policy, and China.
Published on: June 16, 2025 | Source:U.S. Seizes $7.74M in Crypto Tied to North Koreaβs Global Fake IT Worker Network
The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea. "For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S.
Published on: June 16, 2025 | Source:'Water Curse' Targets Infosec Pros via Poisoned GitHub Repositories
The emerging threat group attacks the supply chain via weaponized repositories posing as legitimate pen-testing suites and other tools that are poisoned with malware.
Published on: June 16, 2025 | Source:SEC withdraws cyber rules for investment companies, advisers
The move last week came amid the pullback of other SEC regulations. The post SEC withdraws cyber rules for investment companies, advisers appeared first on CyberScoop.
Published on: June 16, 2025 | Source:Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe
A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope. The post Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe appeared first on CyberScoop.
Published on: June 16, 2025 | Source:Googleβs $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report
According to reports, the US Department of Justice will assess whether the deal would harm competition in the cybersecurity market. The post Googleβs $32 Billion Wiz Deal Draws DOJ Antitrust Scrutiny: Report appeared first on SecurityWeek.
Published on: June 16, 2025 | Source:Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment
An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat." "The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible even if the ransom is paid," Trend Micro researchers Maristel Policarpio, Sarah Pearl Camiling, and
Published on: June 16, 2025 | Source:Security Is Only as Strong as the Weakest Third-Party Link
Third-party risks are increasing dramatically, requiring CISOs to evolve from periodic assessments to continuous monitoring and treating partner vulnerabilities as their own to enhance organizational resilience.
Published on: June 16, 2025 | Source:Archetyp Dark Web Market Shut Down by Law Enforcement
The Archetyp Market drug marketplace has been targeted by law enforcement in an operation involving takedowns and arrests. The post Archetyp Dark Web Market Shut Down by Law Enforcement appeared first on SecurityWeek.
Published on: June 16, 2025 | Source:Zoomcar Says Hackers Accessed Data of 8.4 Million Users
The Indian car sharing marketplace Zoomcar learned that its systems were hacked after a threat actor contacted employees. The post Zoomcar Says Hackers Accessed Data of 8.4 Million Users appeared first on SecurityWeek.
Published on: June 16, 2025 | Source:β‘ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when somethingβs wrong. This weekβs stories arenβt just about what was attackedβbut how easily it happened. If weβre only looking for the obvious signs, what are we missing right in front
Published on: June 16, 2025 | Source:Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine
Introduction The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting pressure from regulators, insurers, and rising threats, many still treat cybersecurity as an afterthought. As a result, providers may struggle to move beyond tactical services like one-off assessments or compliance checklists, and demonstrate
Published on: June 16, 2025 | Source:240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco
The KillSec ransomware group has stolen hundreds of gigabytes of data from Ireland-based eyecare technology company Ocuco. The post 240,000 Impacted by Data Breach at Eyecare Tech Firm Ocuco appeared first on SecurityWeek.
Published on: June 16, 2025 | Source:Anubis Ransomware Packs a Wiper to Permanently Delete Files
The emerging Anubis ransomware becomes a major threat, permanently deleting user files and making recovery impossible. The post Anubis Ransomware Packs a Wiper to Permanently Delete Files appeared first on SecurityWeek.
Published on: June 16, 2025 | Source:Red Teaming AI: The Build Vs Buy Debate
A strong AI deployment starts with asking the right questions, mapping your risks, and thinking like an adversary β before itβs too late. The post Red Teaming AI: The Build Vs Buy Debate appeared first on SecurityWeek.
Published on: June 16, 2025 | Source:High-Severity Vulnerabilities Patched in Tenable Nessus Agent
Three high-severity Tenable Agent vulnerabilities could allow users to overwrite and delete files, or execute arbitrary code, with System privileges. The post High-Severity Vulnerabilities Patched in Tenable Nessus Agent appeared first on SecurityWeek.
Published on: June 16, 2025 | Source:PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
Cybersecurity researchers fromSafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm
Published on: June 16, 2025 | Source:Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: Iβm speaking at the International Conference on Digital Trust, AI and the Future in Edinburgh, Scotland on Tuesday, June 24 at 4:00 PM. The list is maintained on this page.
Published on: June 15, 2025 | Source:Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix
Published on: June 14, 2025 | Source:Friday Squid Blogging: Stubby Squid
Video of the stubby squid (Rossia pacifica) from offshore Vancouver Island. As usual, you can also use this squid post to talk about the security stories in the news that I havenβt covered.
Published on: June 13, 2025 | Source:CISA Reveals 'Pattern' of Ransomware Attacks Against SimpleHelp RMM
A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January.
Published on: June 13, 2025 | Source:Threat Actor Abuses TeamFiltration for Entra ID Account Takeovers
Researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts.
Published on: June 13, 2025 | Source:Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an "esoteric and educational programming style" that uses only a limited set of characters to write and execute
Published on: June 13, 2025 | Source:Why CISOs Must Align Business Objectives & Cybersecurity
This alignment makes a successful CISO, but creating the same sentiment across business leadership creates a culture of commitment and greatly contributes to achieving goals.
Published on: June 13, 2025 | Source:In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoriaβs Secret Cyberattack Cost
Noteworthy stories that might have slipped under the radar: Cloudflare outage not caused by cyberattack, Dutch police identified 126 users of Cracked.io, the Victoriaβs Secret cyberattack has cost $10 million. The post In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoriaβs Secret Cyberattack Cost appeared first on SecurityWeek.
Published on: June 13, 2025 | Source: