A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache Roller open-source, Java-based blogging server software. The…
Category: EN
Chinese snoops use stealth RAT to backdoor US orgs – still active last week
Let the espionage and access resale campaigns begin (again) A cyberspy crew or individual with ties to China’s Ministry of State Security has infected global organizations with a remote access trojan (RAT) that’s “even better” than Cobalt Strike, using this…
Conduent Says Names, Social Security Numbers Stolen in Cyberattack
The business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack. The post Conduent Says Names, Social Security Numbers Stolen in Cyberattack appeared first on SecurityWeek. This article has been indexed…
Building Smarter AI Through Targeted Training
In recent years, artificial intelligence and machine learning have been in high demand across a broad range of industries. As a consequence, the cost and complexity of constructing and maintaining these models have increased significantly. Artificial intelligence and machine…
WhatsApp Windows Vulnerability CVE-2025-30401 Could Let Hackers Deliver Malware via Fake Images
Meta has issued a high-priority warning about a critical vulnerability in the Windows version of WhatsApp, tracked as CVE-2025-30401, which could be exploited to deliver malware under the guise of image files. This flaw affects WhatsApp versions prior to…
Hertz data breach: Customers in US, EU, UK, Australia and Canada affected
American car rental company Hertz has suffered a data breach linked to last year’s exploitation of Cleo zero-day vulnerabilities by a ransomware gang. The breach resulted in information of an unknown number of customers of Hertz and Hertz’s subsidiaries Dollar…
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS…
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. “Threat actors are increasingly using…
North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers
Posing as potential employers, Slow Pisces hackers conceal malware in coding challenges sent to cryptocurrency developers on LinkedIn This article has been indexed from www.infosecurity-magazine.com Read the original article: North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers
What Are the Benefits of a Microservices Architecture?
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: What Are the Benefits of a Microservices Architecture?
How to Blur Your House on Google Maps and Why You Should Do It [6 Easy Steps]
Imagine your home, laid bare for anyone with an internet connection — that’s the reality of unblurred Street View. If you’re concerned about privacy or… The post How to Blur Your House on Google Maps and Why You Should Do…
Check Point and Fuse to Deliver First Real-Time Blockchain Firewall
The rise of blockchain promises a more open, decentralized internet. But with that promise comes new risks—and so far, the security landscape hasn’t kept pace. In 2024 alone, crypto platforms lost over $2.2 billion to cyber attacks, with sophisticated exploits…
Unmasking APT29: The Sophisticated Phishing Campaign Targeting European Diplomacy
Executive Summary Check Point Research has been observing a sophisticated phishing campaign conducted by Advanced Persistent Threat (APT) 29, a Russian-linked threat group. The operation targeted diplomatic organizations throughout Europe. The campaign appears to continue a previous operation called Wineloader,…
PlexTrac for CTEM helps security teams centralize security data
PlexTrac launched PlexTrac for CTEM, expanding the platform’s capabilities with a proactive and continuous threat exposure management solution designed to help security teams centralize security data, prioritize risk based on business impact, and automate validation and remediation workflows. PlexTrac for…
Microsoft Teams File Sharing Unavailable Due to Unexpected Outage
Microsoft Teams users across the globe are experiencing significant disruptions in file-sharing capabilities due to an unexpected outage, impacting workplace communication and collaboration. A wave of reports began surfacing from organizations and individuals unable to share files within Microsoft Teams—the…
Meta will use public EU user data to train its AI models
Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from adults in the EU, after pausing…
Prophylactic Cybersecurity for Healthcare
How to Be Proactive in a Reactive World In healthcare, preventative medicine is always more effective, less costly, and has better outcomes than waiting until after a serious heart incident occurs. It’s an apt analogy for cybersecurity as well. Prophylactic…
GitGuardian Launches NHI Governance to Secure Non-Human Identities and Their Secrets for Enterprises
Secrets sprawl is a growing cybersecurity challenge, especially with NHIs. GitGuardian’s new NHI Governance product offers centralized inventory and lifecycle management to help enterprises regain control over their secrets and prevent costly breaches. The post GitGuardian Launches NHI Governance to…
DataDome platform enhancements put businesses in control of AI agents
DataDome announced major advancements to its platform and partner ecosystem that put businesses back in control of how AI agents access and interact with their digital assets. These innovations come at a pivotal moment, as enterprises grapple with the rapid…
Unified Endpoint Management: One Tool to Rule All
As the number of endpoint devices increases, managing and securing them becomes complex. The traditional way of using separate security tools for desktops, mobile devices, tablets, and other endpoints is… The post Unified Endpoint Management: One Tool to Rule All…