Security News > 2025 > April

Simple denial-of-service blunder turned out to be remote unauth code exec disaster. Suspected Chinese government spies have been exploiting a newly disclosed critical bug in Ivanti VPN appliances...

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS)...

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March...

Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL...

The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data. [...]

Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017. [...]

It's going to happen to you one day, so get your ducks in a row. As Benjamin Franklin famously said: "An ounce of prevention is worth a pound of cure," and that's especially true when it comes to...

Here are the most common and latest advancements in payment fraud strategies and payment fraud prevention tools for protecting your business.

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise...

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA confirmed on Monday by adding the flaw to its Known...