Security News

Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures
2025-05-08 13:47

Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a...

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
2025-04-24 12:58

As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace...

Hackers exploit WordPress plugin auth bypass hours after disclosure
2025-04-10 19:11

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
2025-03-17 17:08

A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public...

Zabbix urges upgrades after critical SQL injection bug disclosure
2024-11-29 17:44

US agencies blasted 'unforgivable' SQLi flaws earlier this year

Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that...

Oracle warns of Agile PLM file disclosure flaw exploited in attacks
2024-11-19 19:56

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...]

SEC fines tech companies for misleading SolarWinds disclosures
2024-10-25 12:06

The Securities and Exchange Commission charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with...

SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures
2024-10-25 09:36

The U.S. Securities and Exchange Commission (SEC) has charged four current and former public companies for making "materially misleading disclosures" related to the large-scale cyber attack that...

Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures
2024-10-22 16:31

Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing

Four high-profile tech companies reached an agreement with the Securities and Exchange...

Jetpack fixes critical information disclosure flaw existing since 2016
2024-10-14 19:30

WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. [...]