Security News > 2025

Pentagon declares war on 'outdated' software buying
2025-05-06 18:27

(If only that would keep folks off unsanctioned chat app side quests) The US Department of Defense (DoD) is overhauling its "outdated" software procurement systems, and insists it's putting...

Apache Parquet exploit tool detects servers vulnerable to critical flaw
2025-05-06 18:16

A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. [...]

Samsung MagicINFO 9 Server RCE flaw now exploited in attacks
2025-05-06 17:10

Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. [...]

UK Legal Aid Agency investigates cybersecurity incident
2025-05-06 16:20

The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have...

Critical Langflow RCE flaw exploited to hack AI app servers
2025-05-06 16:05

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and...

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
2025-05-06 15:33

Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed...

New Microsoft 365 outage impacts Teams and other services
2025-05-06 15:31

Microsoft is investigating a new Microsoft 365 outage affecting multiple services across North America, including the company's Teams collaboration platform. [...]

Why EASM is vital to modern digital risk protection
2025-05-06 14:01

You can't protect what you can't see. From shadow IT to supplier risk, modern attack surfaces are sprawling fast — and External Attack Surface Management (EASM) is how security teams take back...

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims
2025-05-06 13:36

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution...

Google fixes actively exploited FreeType flaw on Android
2025-05-06 13:33

Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability. [...]