The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said…
Mar 13, 2025Ravie LakshmananAuthentication / Vulnerability Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an…
As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments,…
Mar 13, 2025Ravie LakshmananOpen Source / Vulnerability Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE…
Mar 13, 2025Ravie LakshmananBrowser Security / Encryption Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of…
Mar 12, 2025Ravie LakshmananCyber Espionage / Vulnerability The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors,…
Mar 12, 2025Ravie LakshmananCloud Security / Vulnerability Threat intelligence firm GreyNoise is warning of a “coordinated surge” in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. “At least 400 IPs have been…
We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that…
Mar 12, 2025Ravie LakshmananPatch Tuesday / Vulnerability Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the…
Mar 12, 2025Ravie LakshmananEndpoint Security / Vulnerability Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in “extremely sophisticated” attacks. The vulnerability has been assigned the…