Security News

Signalgate: Pentagon watchdog probes Defense Sec Hegseth
2025-04-04 00:36

Classification compliance? Records retention requirements? How quaint A US Department of Defense watchdog has opened an investigation into its own Secretary of Defense, Pete Hegseth, over his use...

For flux sake: CISA, annexable allies warn of hot DNS threat
2025-04-03 22:54

Shape shifting technique described as menace to national security The US govt's Cybersecurity Infrastructure Agency, aka CISA, on Thursday urged organizations, internet service providers, and...

Max severity RCE flaw discovered in widely used Apache Parquet
2025-04-03 21:29

A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. [...]

Hunters International shifts from ransomware to pure data extortion
2025-04-03 21:06

The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to date theft and extortion-only attacks. [...]

Microsoft starts testing Windows 11 taskbar icon scaling
2025-04-03 20:04

​Microsoft is testing a new taskbar icon scaling feature that automatically scales down Windows taskbar icons to show more apps when it gets too overcrowded. [...]

CISA warns of Fast Flux DNS evasion used by cybercrime gangs
2025-04-03 19:37

CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the "Fast Flux" cybercrime evasion technique used by state-sponsored...

Suspected Chinese spies right now hijacking buggy Ivanti gear – for third time in 3 years
2025-04-03 19:14

Simple denial-of-service blunder turned out to be remote unauth code exec disaster Suspected Chinese government spies have been exploiting a newly disclosed critical bug in Ivanti VPN appliances...

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
2025-04-03 17:52

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS)...

Ivanti patches Connect Secure zero-day exploited since mid-March
2025-04-03 17:43

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March...

Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
2025-04-03 17:39

Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL...