Security News

Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
2025-04-18 12:03

A new multi-stage attack has been observed delivering malware families like Agent Tesla variants, Remcos RAT, and XLoader. "Attackers increasingly rely on such complex delivery mechanisms to evade...

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download
2025-04-18 04:29

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog,...

Windows NTLM hash leak flaw exploited in phishing attacks on governments
2025-04-17 19:20

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. [...]

Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks
2025-04-17 15:54

Find out the specifics of these iOS and macOS vulnerabilities, as well as which Apple devices were impacted.

Ahold Delhaize confirms data theft after INC ransomware claims attack
2025-04-17 14:49

Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack. [...]

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
2025-04-17 12:24

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private...

CISA tags SonicWall VPN flaw as actively exploited in attacks
2025-04-17 08:54

On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. [...]

Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
2025-04-17 08:27

Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an...

Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
2025-04-17 03:33

Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The...

Developers Beware: Slopsquatting & Vibe Coding Can Increase Risk of AI-Powered Attacks
2025-04-16 19:09

Slopsquatting and vibe coding are fueling a new wave of AI-driven cyberattacks, exposing developers to hidden risks through fake, hallucinated packages.