Security News

Ex-NSA cyber-boss: AI will soon be a great exploit coder
2025-04-30 23:31

For now it's a potential bug-finder and friend to defenders RSAC Former NSA cyber-boss Rob Joyce thinks today's artificial intelligence is dangerously close to becoming a top-tier vulnerability...

Enterprise tech dominates zero-day exploits with no signs of slowdown
2025-04-29 17:02

As Big Tech gets used to the pain, smaller vendors urged to up their game

⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
2025-04-28 12:18

What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to...

Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
2025-04-28 07:13

Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed...

Craft CMS RCE exploit chain used in zero-day attacks to steal data
2025-04-25 19:44

Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
2025-04-23 10:49

Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft...

When confusion becomes a weapon: How cybercriminals exploit economic turmoil
2025-04-23 06:00

It begins with a simple notification: “Markets in Free Fall.” Within moments, the headlines multiply: new tariffs, emergency actions, plummeting consumer confidence. Across boardrooms and break...

Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
2025-04-22 16:46

Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace...

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
2025-04-22 12:06

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server...

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
2025-04-22 10:50

In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and...