Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
2025-01-29 10:21

A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution...

How Lazarus Group built a cyber espionage empire
2025-01-29 09:03

Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and...

Spending watchdog blasts UK govt over sloth-like progress to shore up IT defenses
2025-01-29 07:24

Think government cybersecurity is bad? Guess again. It’s alarmingly so. The UK government is significantly behind on its 2022 target to harden systems against cyberattacks by 2025, with a new...

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
2025-01-29 05:52

The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of...

Preparing financial institutions for the next generation of cyber threats
2025-01-29 05:30

In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the next-generation threats...

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
2025-01-29 05:29

Broadcom has warned of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as...

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
2025-01-29 05:11

Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this...

Cybersecurity crisis in numbers
2025-01-29 05:00

The number of US data compromises in 2024 (3,158) decreased 1% compared to 2023 (3,202), 44 events away from tying a record for the number of compromises tracked in a year, according to the...

SEC and FCA fines: Issues jump
2025-01-29 04:30

The financial sector faces communication compliance challenges as organizations struggle to maintain oversight across communication channels. Adding to the complexity is the unexpected rise of...

Only 13% of organizations fully recover data after a ransomware attack
2025-01-29 04:00

Ransomware attacks are disrupting and undermining business operations and draining revenue streams, according to Illumio. Findings from the study reveal that 58% of organizations had to shut down...