Hackers continue to exploit the ConnectWise ScreenConnect remote management and monitoring (RMM) tool to deploy malicious payloads, with a focus on financial organizations. An independent researcher first reported a potential critical vulnerability in ScreenConnect versions 23.9.7 and prior through the…
Category: EN
Airlines Don’t Want You to Know They Sold Your Flight Data to DHS
A contract obtained by 404 Media shows that an airline-owned data broker forbids the feds from revealing it sold them detailed passenger data. This article has been indexed from Security Latest Read the original article: Airlines Don’t Want You to…
Ongoing cyberattack at US grocery distributor giant UNFI affecting customer orders
United Natural Foods said it is “diligently managing through the cyber incident” that sparked disruption outages. This article has been indexed from Security News | TechCrunch Read the original article: Ongoing cyberattack at US grocery distributor giant UNFI affecting customer…
Canva Creators’ Data Exposed Via AI Chatbot Company Database
A significant data breach involving personal information from hundreds of Canva Creators program participants, exposed through an unsecured AI chatbot database operated by a Russian company. The incident highlights emerging security vulnerabilities in the rapidly expanding artificial intelligence supply chain.…
ISPConfig Vulnerability Allows Privilege Escalation to Superadmin and PHP Code Injection
A critical security vulnerability has been discovered in ISPConfig version 3.2 build 12p1 that allows authenticated remote users to escalate their privileges to superadmin status and subsequently execute arbitrary PHP code on affected systems. The vulnerability, identified by an independent…
Google bug allowed phone number of almost any user to be discovered
Google has fixed a vulnerability in its account recovery flow which could have allowed attackers to find linked phone numbers. This article has been indexed from Malwarebytes Read the original article: Google bug allowed phone number of almost any user…
44% of people encounter a mobile scam every single day, Malwarebytes finds
A mobile scam finds most people at least once a week, new Malwarebytes research reveals. The financial and emotional consequences are dire. This article has been indexed from Malwarebytes Read the original article: 44% of people encounter a mobile scam…
Trump guts digital ID rules, claims they help ‘illegal aliens’ commit fraud
Also axes secure software mandates – optional is the new secure, apparently President Donald Trump late Friday signed a cybersecurity-focused executive order that, in the White House’s words, “amends problematic elements of Obama and Biden-era Executive Orders.”… This article has…
Hackers Stole 300,000 Crash Reports From Texas Department of Transportation
The Texas Department of Transportation has disclosed a data breach impacting the personal information included in 300,000 crash reports. The post Hackers Stole 300,000 Crash Reports From Texas Department of Transportation appeared first on SecurityWeek. This article has been indexed…
ISPConfig Vulnerability Allows Privilege Escalation to Superadmin and PHP Code Injection Exploit
A critical security vulnerability has been identified in ISPConfig version 3.2.12p1, a widely used open-source web hosting control panel. The vulnerability allows authenticated attackers to escalate their privileges to that of a superadmin and execute arbitrary PHP code remotely, posing…
New SharePoint Phishing Campaigns Employing Deceptive Lick Techniques
Security analysts at CyberProof’s Security Operations Center (SOC) have identified a sharp rise in phishing campaigns leveraging Microsoft SharePoint to bypass modern detection systems. Unlike traditional phishing attempts that rely on embedded malicious links, these sophisticated attacks exploit the inherent…
Secure Your Oracle Database Passwords in AWS RDS With a Password Verification Function
Protecting database access through strong password policies is a cornerstone of security in any environment. When deploying Oracle databases on AWS RDS, enforcing password complexity is essential, but the approach differs slightly from on-premises Oracle environments. AWS provides two primary…
Vanta’s AI agent wants to run your compliance program — and it just might
Vanta launches autonomous AI agent that automates security compliance workflows, helping enterprises save 12+ hours weekly on policy management and audit preparation. This article has been indexed from Security News | VentureBeat Read the original article: Vanta’s AI agent wants…
How Cisco plans to stop rogue AI agent attacks inside your network
As AI agents grow more powerful and unpredictable, Cisco unveils tools to lock down networks, track agent behavior, and prevent chaos before it spreads through your infrastructure. This article has been indexed from Latest stories for ZDNET in Security Read…
What cybersecurity experts are talking about in 2025
The cybersecurity field moves quickly, with new research surfacing regularly and threat actors constantly shifting their approaches. We’ve gathered five recent research topics that caught our attention, each offering a different angle on the current threat landscape and the creative…
Swimlane Raises $45 Million for Security Automation Platform
Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation. The post Swimlane Raises $45 Million for Security Automation Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
AU10TIX AnyDoc Authentication identifies tampered or forged documents
AU10TIX is enhancing its product suite with the launch of AnyDoc Authentication, a capability that exposes forged, tampered, or synthetic non-ID documents that may bypass traditional identity verification methods. AnyDoc harnesses advanced AI, forensic forgery detection, and metadata analysis to…
Webinar: Cloud security made easy with CIS Hardened Images
This webinar is designed for leadership and management professionals looking to enhance their organization’s security posture in the cloud. The authors explore CIS Hardened Images: how they work, the security benefits they offer, and why they’re especially valuable for public…
DDoS Attacks on Financial Sector Surge in Scale and Sophistication
The financial sector was the industry most targeted by distributed denial-of-service (DDoS) attacks in 2024, with a peak in October This article has been indexed from www.infosecurity-magazine.com Read the original article: DDoS Attacks on Financial Sector Surge in Scale and…
Critical Vulnerability in Lovable’s Security Policies Allows Malicious Code Injection
Security researchers have uncovered a widespread vulnerability in Lovable’s AI-powered development platform that exposes sensitive user data and enables malicious code injection across hundreds of applications. The critical vulnerability, discovered on March 20, 2025, affects the platform’s implementation of Row…