150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
2025-03-27 08:13

An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to...

CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
2025-03-27 06:23

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited...

NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
2025-03-27 06:06

A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that's used to...

The hidden costs of security tool bloat and how to fix it
2025-03-27 06:00

In this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets and expanding security...

Cyber insurance isn’t always what it seems
2025-03-27 05:30

Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others cover less than expected. CISOs must...

Hottest cybersecurity open-source tools of the month: March 2025
2025-03-27 05:00

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Hetty: Open-source HTTP toolkit for...

ETSI releases security standard for the quantum future
2025-03-27 04:30

ETSI launched a post-quantum security standard to guarantee the protection of critical data and communications in the future. The specification “Efficient Quantum-Safe Hybrid Key Exchanges with...

UK fines software provider £3.07 million for 2022 ransomware breach
2025-03-27 00:01

The UK Information Commissioner's Office (ICO) has fined Advanced Computer Software Group Ltd £3.07 million over a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people,...

Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat
2025-03-26 21:16

So F-18 launch times, weapons, drone support aren't classified now ... who knew? The Atlantic's editor-in-chief who was inadvertently added to a Signal group in which the US Secretary of Defense,...

Oracle customers confirm data stolen in alleged cloud breach is valid
2025-03-26 20:20

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that...