software vulnerability

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Sep 24, 2025Ravie LakshmananVulnerability / Email Security Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The…

Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security

Sep 23, 2025Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update…

Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries

Sep 23, 2025Ravie LakshmananFinancial Crime / Cryptocurrency Law enforcement authorities in Europe have arrested five suspects in connection with an “elaborate” online investment fraud scheme that stole more than €100 million ($118 million) from over…

U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN

Sep 23, 2025Ravie LakshmananNational Security / Threat Intelligence The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten…

SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw

Sep 23, 2025Ravie LakshmananVulnerability / Data Security SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands…

Why CISOs Must Rethink Incident Remediation

Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of America has shed 88,000 employees since 2010, and Verizon’s…

ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers…

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

Sep 23, 2025Ravie LakshmananSupply Chain Attack / Malware GitHub on Monday announced that it will be changing its authentication and publishing options “in the near future” in response to a recent wave of supply chain…

BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

Sep 23, 2025Ravie LakshmananSEO Poisoning / Malware Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting…

ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025. The activity primarily targeted industrial, financial,…

« Previous
1
…
46
47
48
49
50
…
342
Next »