cyber security news

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

Oct 16, 2025Ravie LakshmananVulnerability / Data Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based on…

Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months

A threat actor with ties to China has been attributed to a five-month-long intrusion targeting a Russian IT service provider, marking the hacking group’s expansion to the country beyond Southeast Asia and South America. The…

F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion

Oct 15, 2025Ravie LakshmananVulnerability / Threat Intelligence U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP’s source code and information related to…

Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks

New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain…

How Attackers Bypass Synced Passkeys

Oct 15, 2025Ravie LakshmananData Protection / Browser Security TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys…

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its…

Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control

Oct 15, 2025Ravie LakshmananVulnerability / Critical Infrastructure Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the…

Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access

Oct 15, 2025Ravie LakshmananVulnerability / Server Security Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer software from ICT Innovations, has come under active exploitation in the wild. The vulnerability, assigned…

New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login

Oct 15, 2025Ravie Lakshmanan Enterprise Software / Vulnerability SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in…

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Oct 14, 2025Ravie LakshmananCyber Espionage / Network Security Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than…

« Previous
1
…
40
41
42
43
44
…
348
Next »