Security News

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
2025-05-22 15:06

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and...

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
2025-05-22 12:07

A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe,...

CTM360 report: Ransomware exploits trust more than tech
2025-05-22 05:30

A recent wave of ransomware attacks has disrupted major retailers across the UK. According to a new report from CTM360, the attackers didn’t need to break down the door, they were invited in...

Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
2025-05-21 18:06

Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be...

Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains
2025-05-20 15:57

A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam...

Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
2025-05-20 15:53

A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Azure endpoints, by leveraging...

Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
2025-05-20 05:49

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and...

⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More
2025-05-19 10:00

Cybersecurity leaders aren’t just dealing with attacks—they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a...

Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
2025-05-16 15:23

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red...

Google fixes high severity Chrome flaw with public exploit
2025-05-15 08:25

Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. [...]