Yesterday’s headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today. Overnight, the CVE Foundation emerged with a plan…
Category: EN
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues…
6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin
On March 28th, 2025, we received a submission for an Arbitrary File Move vulnerability in Drag and Drop Multiple File Upload for WooCommerce, a WordPress plugin with more than 6,000 active installations. This vulnerability makes it possible for unauthenticated threat…
CISA Extends Support a Last Minute to CVE Program, Averting Global Cybersecurity Crisis
CISA announced an eleventh-hour contract extension with MITRE Corporation to maintain the Common Vulnerabilities and Exposures (CVE) program, narrowly avoiding a lapse in federal funding that threatened to destabilize vulnerability management worldwide. The move came just hours before the program’s…
Researchers Expose Medusa Ransomware Group’s Onion Site
Researchers have successfully infiltrated the digital fortress of one of the most prolific ransomware groups, Medusa Locker. Known for targeting critical sectors like healthcare, education, and manufacturing, the group has been responsible for numerous cyberattacks since its detection in 2019.…
Interlock Ransomware Uses Multi-Stage Attack Through Legitimate Websites to Deliver Malicious Browser Updates
The Interlock ransomware intrusion set has escalated its operations across North America and Europe with sophisticated techniques. Not falling under the typical Ransomware-as-a-Service (RaaS) category, Interlock operates independently, focusing primarily on Big Game Hunting and double extortion campaigns. This group’s…
CVE program gets last-minute funding from CISA – and maybe a new home
Feds extend vulnerability nerve-center contract at 11th hour In an 11th-hour reprieve, the US government last night agreed to continue funding the globally used Common Vulnerabilities and Exposures (CVE) Program.… This article has been indexed from The Register – Security…
Vulnerability Summary for the Week of April 7, 2025
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating…
ASML, Others Outline Impact Of Trump’s Tariffs
Chip making giant ASML mirrors other equipment makers, and outlines financial impact of Donald Trump’s tariffs This article has been indexed from Silicon UK Read the original article: ASML, Others Outline Impact Of Trump’s Tariffs
China Names US Operatives For Alleged Cyberattacks
China is reportedly pursuing three alleged US NSA operatives, after cyberattacks on Chinese infrastructure This article has been indexed from Silicon UK Read the original article: China Names US Operatives For Alleged Cyberattacks
Hackers Target Investors Through Fraud Networks to Steal Financial Data
Hackers have launched sophisticated schemes designed to defraud investors and steal their financial data. Utilizing digital platforms, encrypted messaging apps, and crypto transactions, these criminals exploit the rise of online investment platforms to conduct their fraudulent activities. Fraudulent networks employ…
How Apple plans to train its AI on your data without sacrificing your privacy
Apple’s solution is called ‘differential privacy’ – and it’s already been using it for Genmojis. This article has been indexed from Latest stories for ZDNET in Security Read the original article: How Apple plans to train its AI on your…
2025 Imperva Bad Bot Report: How AI is Supercharging the Bot Threat
Bad bots continue to target organizations across every industry and geography, but the rise of Artificial Intelligence (AI) is fueling bot attacks, making them more intelligent and more evasive than ever before. For over twelve years, Imperva has been dedicated…
MITRE CVE Program Gets Last-Hour Funding Reprieve
The US government’s cybersecurity agency CISA has “executed the option period on the contract” to keep the vulnerability catalog operational. The post MITRE CVE Program Gets Last-Hour Funding Reprieve appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1
IntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored…
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak | P2
This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by…
Oracle Faces Data Leak Claims, Clarifies Cloud Services Remain Safe
Oracle has informed its users that a recent cyberattack only affected two outdated servers that are no longer in use. These systems were separate from Oracle’s main cloud services, and the company says that no active customer data or…
Evolving Threat of Ransomware: From Extortion to Data Poisoning
Over the years, ransomware attacks have become a staple of cybercrime, primarily involving hackers encrypting critical databases and demanding a ransom in exchange for a decryption key. This traditional model of cyber extortion has already caused significant disruption across industries. …
Google Introduces ‘Auto Restart’ Feature to Boost Android Device Security
Google, the global search giant and a subsidiary of Alphabet Inc., is rolling out a new security feature dubbed “Auto Restart” to enhance data protection on Android devices. The feature is designed to prevent unauthorized access to sensitive information in…
Can Passwordless Tactics Help Thwart Major Cyber Threats?
In the ever-evolving cybersecurity landscape, one age-old vulnerability continues to haunt individuals and organizations alike: passwords. From weak or reused credentials to phishing and brute-force attacks, traditional password-based authentication has proven to be a persistent weak link in the digital…