Security News

CISA: Medusa ransomware hit over 300 critical infrastructure orgs
2025-03-12 19:26

CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. [...]

Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws
2025-03-12 01:24

Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patch Tuesday Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for...

Critical PHP RCE vulnerability mass exploited in new attacks
2025-03-11 14:26

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]

CISA tags critical Ivanti EPM flaws as actively exploited in attacks
2025-03-11 13:01

CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. [...]

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
2025-03-11 06:45

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The...

Swiss critical sector faces new 24-hour cyberattack reporting rule
2025-03-10 15:47

Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the...

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
2025-03-06 12:33

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code...

US charges Chinese hackers linked to critical infrastructure breaches
2025-03-05 17:23

The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. [...]

89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals
2025-02-27 13:05

Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective...

Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
2025-02-21 06:51

PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven't already...