Security News

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework
2025-04-25 10:41

Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.  "The exploitation is...

Everest ransomware's dark web leak site defaced, now offline
2025-04-07 18:30

The dark web leak site of the Everest ransomware gang has apparently been hacked over the weekend by an unknown attacker and is now offline. [...]

WinRAR flaw bypasses Windows Mark of the Web security alerts
2025-04-05 14:14

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. [...]

Web 3.0 Requires Data Integrity
2025-04-03 11:05

If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk...

Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign
2025-04-03 04:45

Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment...

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
2025-03-30 05:07

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched...

Hijacked Microsoft web domain injects spam into SharePoint servers
2025-03-27 23:11

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...]

Vivaldi integrates Proton VPN into the browser to fight web tracking
2025-03-27 13:39

Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against 'Big Tech'...

How does your data end up on the dark web?
2025-03-26 05:00

The dark web is a hidden corner of the internet where people can remain anonymous. It’s often confused with the deep web, but they’re not quite the same thing. The deep web is just everything...

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
2025-03-24 13:07

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no...