Security News

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
2025-03-18 13:31

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out...

Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware
2025-03-07 11:31

Which is why taking down chiefs and infra behind big name brand operations isn't working Interview There's a handful of cybercriminal gangs that Jason Baker, a ransomware negotiator with...

Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
2025-03-06 15:39

Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]

Rubrik rotates authentication keys after log server breach
2025-03-03 20:53

Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys. [...]

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks
2025-02-18 17:07

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. [...]

Microsoft fixes bug causing Windows Server 2025 boot errors
2025-02-14 11:18

​Microsoft has fixed a known issue causing "boot device inaccessible" errors during startup on some Windows Server 2025 systems using iSCSI. [...]

Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster
2025-02-13 18:26

The Dutch Police (Politie) dismantled the ZServers/XHost bulletproof hosting operation after taking offline 127 servers used by the illegal platform. [...]

DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects
2025-02-10 09:44

Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS...

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
2025-02-07 18:42

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial...

Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
2025-02-07 12:11

A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the course of investigating,...