The rapid pace of technological change, evolving regulations, and shifting customer expectations require CIAM systems that can adapt and evolve over time. The organizations that build sustainable competitive advantages through CIAM are those that invest in flexible, extensible architectures that…
Category: EN
New pathWiper Malware Targets Critical Infrastructure to Deploy Admin Tools
Cisco Talos has uncovered a sophisticated and destructive cyberattack targeting a critical infrastructure entity in Ukraine, deploying a previously unknown wiper malware dubbed “PathWiper.” This attack, attributed with high confidence to a Russia-nexus advanced persistent threat (APT) actor, showcases the…
US Offering $10 Million Reward for RedLine Malware Developer
A reward is being offered for Maxim Alexandrovich Rudometov, who is accused of developing and managing the RedLine malware. The post US Offering $10 Million Reward for RedLine Malware Developer appeared first on SecurityWeek. This article has been indexed from…
HPE Patches Critical Vulnerability in StoreOnce
An HPE StoreOnce vulnerability allows attackers to bypass authentication, potentially leading to remote code execution. The post HPE Patches Critical Vulnerability in StoreOnce appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: HPE Patches…
New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack
A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. “The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had…
BADBOX 2.0 Malware Hits Over a Million Android Devices in Global Cyber Threat
HUMAN’s Satori Threat Intelligence and Research team, in collaboration with Google, Trend Micro, and Shadowserver, has uncovered and partially disrupted a massive cyber fraud operation named BADBOX 2.0. This operation, an evolved iteration of the original BADBOX malware disclosed in…
Paste.ee Turned Cyber Weapon: XWorm and AsyncRAT Delivered by Malicious Actors
The widespread text-sharing website Paste.ee has been used as a weapon by bad actors to spread powerful malware strains like XWorm and AsyncRAT, which is a worrying trend for cybersecurity professional. This tactic represents a significant shift in phishing and…
OpenAI Report: 10 AI Threat Campaigns Revealed Including Windows-Based Malware, Fake Resumes
OpenAI’s June 2025 report, which details 10 threats from six countries, warns that AI is accelerating cyber threats, lowering barriers for attackers, and calling for collective detection efforts. This article has been indexed from Security | TechRepublic Read the original…
Play ransomware group hit 900 organizations since 2022
A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and…
Iranian APT ‘BladedFeline’ Stays Silent in Organizations Network for 8 Years
A sophisticated Iranian cyberespionage group has maintained undetected access to government networks across Iraq and the Kurdistan Regional Government for nearly eight years, representing one of the longest-running advanced persistent threat campaigns in the Middle East. The group, designated as…
PoC Exploit Released for Apache Tomcat DoS Vulnerability
A critical memory leak vulnerability in Apache Tomcat’s HTTP/2 implementation (CVE-2025-31650) has been weaponized, enabling unauthenticated denial-of-service attacks through malformed priority headers. The flaw affects Tomcat versions 9.0.76–9.0.102, 10.1.10–10.1.39, and 11.0.0-M2–11.0.5, with public exploits already circulating 12. Vulnerability Mechanics and…
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. “Several widely used extensions […] unintentionally transmit sensitive data…
Kettering data published, Reddit sues Anthropic, North Face breached
Stolen Kettering Health data published Reddit sues Anthropic for scraping North Face website customer accounts breached Huge thanks to our sponsor, Conveyor Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks…
How to secure your portable devices against cyberthreats
Portable devices such as smartphones, tablets, and laptops have become integral to our daily routines, storing a wealth of sensitive personal and professional information. As… The post How to secure your portable devices against cyberthreats appeared first on Panda Security…
Hackers Exploit Roundcube Vulnerability to Steal User Credentials via XSS Attack
A recent spearphishing campaign targeting Polish entities has been attributed with high confidence to the UNC1151 threat actor, a group linked to Belarusian state interests and, according to some sources, Russian intelligence services. CERT Polska reports that the attackers leveraged…
Hackers Using New Sophisticated iMessage 0-Click Exploit to Attack iPhone Users
A previously unknown zero-click vulnerability in Apple’s iMessage appears to have been exploited by sophisticated threat actors targeting high-profile individuals across the United States and the European Union. The vulnerability, dubbed “NICKNAME,” affected iOS versions up to 18.1.1 and was…
June 2025 Patch Tuesday forecast: Second time is the charm?
Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. The May Patch Tuesday release of updates was typical in number of vulnerabilities addressed with 41 in both Windows 10 and 11, and their associated servers. They…
Claroty enhances xDome platform with Device Purpose and Risk Benchmarking capabilities
Claroty announced new capabilities in its SaaS-based Claroty xDome platform that provide organizations with an impact-centric view of their CPS environment. The new additions, Device Purpose and Risk Benchmarking, allow users to see how the overall risk of an environment…
Pathlock helps organizations protect their SAP environments from development to deployment
Pathlock announced a major expansion of its SAP cybersecurity offerings, introducing a new portfolio of value-driven and easy-to-deploy SAP cybersecurity solutions, including a Free Edition. Designed to deliver maximum value and fast time-to-protection, the launch marks a significant step toward…
Cyber Extortion, Ukraine’s Cyber Offensive, and Chrome Trust Shake-up
Cybersecurity Today, hosted by Jim Love, delves into the latest in cyber threats. Cyber criminals have breached 20 organizations via convincing fake IT support calls, targeting Salesforce data for extortion. Ukraine’s intelligence claims a significant cyber operation against Russia’s…