Security News

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)
2025-05-13 18:38

Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident...

Magento supply chain attack compromises hundreds of e-stores
2025-05-02 18:09

A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. [...]

Oracle Health breach compromises patient data at US hospitals
2025-03-28 14:13

A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. [...]

Infostealer campaign compromises 10 npm packages, targets devs
2025-03-27 20:22

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. [...]

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
2025-03-24 13:07

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no...

CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
2025-03-19 05:05

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known...

GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
2025-03-17 10:11

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous...

CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries
2025-02-26 10:53

The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a...

Threat actors are using legitimate Microsoft feature to compromise M365 accounts
2025-02-14 14:16

Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) accounts. “While Device...

Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
2025-02-07 12:11

A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the course of investigating,...