Security News

ClickFix attack delivers infostealers, RATs in fake Booking.com emails
2025-03-13 15:00

Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including...

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
2025-03-13 12:26

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication...

Facebook discloses FreeType 2 flaw exploited in attacks
2025-03-12 21:04

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. [...]

Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
2025-03-12 11:56

Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. "At least 400 IPs have...

Defending against EDR bypass attacks
2025-03-12 05:00

EDR bypass and killer attacks are surging, yet many organizations continue to overlook this threat while they have become over-reliant on this security tool – particularly when preventing...

Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
2025-03-12 04:02

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier...

Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
2025-03-11 18:43

Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in "extremely sophisticated" attacks. [...]

Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
2025-03-11 14:35

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns...

Critical PHP RCE vulnerability mass exploited in new attacks
2025-03-11 14:26

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]

CISA tags critical Ivanti EPM flaws as actively exploited in attacks
2025-03-11 13:01

CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. [...]