Security News

Ahold Delhaize confirms data theft after INC ransomware claims attack
2025-04-17 14:49

Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. [...]

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
2025-04-17 12:24

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private...

CISA tags SonicWall VPN flaw as actively exploited in attacks
2025-04-17 08:54

On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. [...]

Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
2025-04-17 08:27

Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an...

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
2025-04-17 03:33

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The...

Developers Beware: Slopsquatting & Vibe Coding Can Increase Risk of AI-Powered Attacks
2025-04-16 19:09

Slopsquatting and vibe coding are fueling a new wave of AI-driven cyberattacks, exposing developers to hidden risks through fake, hallucinated packages.

Apple fixes two zero-days exploited in targeted iPhone attacks
2025-04-16 18:06

Apple released emergency security updates to patch two zero-day vulnerabilities that were used in an "extremely sophisticated attack" against specific targets' iPhones. [...]

41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That
2025-04-16 14:02

Your dashboards say you're secure—but 41% of threats still get through. Picus Security's Adversarial Exposure Validation uncovers what your stack is missing with continuous attack simulations and...

New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks
2025-04-16 10:37

Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail...

Attack Flow: Learn how cyber adversaries combine and sequence offensive techniques
2025-04-16 05:00

MITRE’s Attack Flow project aims to translate complex cyber operations into a structured language. By describing how adversaries sequence and combine offensive techniques to reach their...