Security News

Ivanti warns of critical Neurons for ITSM auth bypass flaw
2025-05-13 15:54

​Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. [...]

New "Bring Your Own Installer" EDR bypass used in ransomware attack
2025-05-05 20:28

A new "Bring Your Own Installer" EDR bypass technique is exploited in attacks to bypass SentinelOne's tamper protection feature, allowing threat actors to disable endpoint detection and response...

Cybercriminals blend AI and social engineering to bypass detection
2025-04-21 05:00

Attackers are focusing more on stealing identities. Because of this, companies need to use zero trust principles. They should also verify user identities more carefully, says DirectDefense....

ASUS warns of critical auth bypass flaw in routers using AiCloud
2025-04-18 16:05

ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. [...]

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
2025-04-17 15:22

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting...

New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs
2025-04-16 16:18

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege...

41% of Attacks Bypass Defenses: Adversarial Exposure Validation Fixes That
2025-04-16 14:02

Your dashboards say you're secure—but 41% of threats still get through. Picus Security's Adversarial Exposure Validation uncovers what your stack is missing with continuous attack simulations and...

Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed
2025-04-13 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) April 2025 Patch Tuesday...

Hackers exploit WordPress plugin auth bypass hours after disclosure
2025-04-10 19:11

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)
2025-04-07 11:28

WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute...