Older WinRAR versions let malicious archives override the user-specified path via crafted archives, enabling stealthy system compromise. This article has been indexed from Security | TechRepublic Read the original article: WinRAR Zero-Day Exploited by Russian-Linked Hackers RomCom and Paper Werewolf
Category: EN
Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach
Hackers leaked 2.8M sensitive records from Allianz Life, exposing data on business partners and customers in ongoing Salesforce data theft attacks. Hackers leaked 2.8 million sensitive records of US insurance giant Allianz Life, exposing data on business partners and customers…
CVE-2017-11882 Will Never Die, (Wed, Aug 13th)
One of the key messages broadcasted by security professionals is: “Patch, patch and patch again!”. But they are nasty vulnerabilities that remain exploited by attackers even if they are pretty old. %%cve:2017-11882%% is one of them: this remote code execution…
Malicious npm Package Lures Job Seekers and Exfiltrates Sensitive Data
A self-proclaimed Ukrainian Web3 team targeted a community member during an interview’s first round by instructing them to clone and run a GitHub repository named EvaCodes-Community/UltraX. Suspecting foul play, the individual contacted the SlowMist security team, who conducted a thorough…
I installed Linux on this mini PC – here’s how it transformed my workflow (for the better)
If you only have space for a tiny PC, but don’t want to skimp on power, Geekcom has a great option for you. This article has been indexed from Latest news Read the original article: I installed Linux on this…
Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025
APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering $2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional…
KnowBe4 refreshes brand after 15 years
KnowBe4, the cybersecurity platform that comprehensively addresses human risk management (HRM), today unveiled a bold new brand with what it claims to be “an innovative new vision for the future of the company.” The refreshed identity reflects KnowBe4’s leadership in…
Critical FortiSIEM Vulnerability Lets Attackers Execute Malicious Commands – PoC Found in the Wild
A critical security vulnerability in the Fortinet FortiSIEM platform allows unauthenticated attackers to execute arbitrary commands remotely. The vulnerability CVE-2025-25256, classified as CWE-78 (OS Command Injection), has been actively exploited in the wild with practical exploit code already circulating among…
Multiple Chrome High-Severity Vulnerabilities Let Attackers Execute Arbitrary Code
Google Chrome has released a critical security update addressing six vulnerabilities that could potentially enable arbitrary code execution on affected systems. The stable channel update to version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux, contains patches for multiple…
ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities
August 2025 ICS Patch Tuesday advisories have been published by Siemens, Schneider, Aveva, Honeywell, ABB and Phoenix Contact. The post ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Ransomware crew spills Saint Paul’s 43GB of secrets after city refuses to cough up cash
Minnesota’s capital is the latest to feature on Interlock’s leak blog after late-July cyberattack The Interlock ransomware gang has flaunted a 43GB haul of files allegedly stolen from the city of Saint Paul, following a late-July cyberattack that forced the…
AWS CISO explains how cloud-native security scales with your business
In this Help Net Security interview, Amy Herzog, CISO at AWS, discusses how cloud-native security enables scalable, flexible protection that aligns with how teams build in the cloud. She explains the Shared Responsibility Model and the tools and processes that…
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those…
Urgent Vulnerabilities: Patching Exchange, Citrix, and Fortinet
In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain…
Critical FortiSIEM Vulnerability Allows Attackers to Execute Malicious Commands, PoC Found in the Wild
Security researchers have discovered a critical vulnerability in Fortinet’s FortiSIEM platform that enables remote attackers to execute unauthorized commands without authentication. The flaw, tracked as CVE-2025-25256, has achieved a maximum CVSS score of 9.8 and poses an immediate threat to…
FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User
A critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices. The flaw, tracked as CVE-2025-52970 and dubbed “Fort-Majeure” by its discoverer, stems…
Chrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code Execution
Google has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code execution on affected systems. The stable channel update, version 139.0.7258.127/.128 for Windows and Mac, and…
Critical FortiSIEM Vulnerability Let Attackers to Execute Malicious Commands – PoC Found in Wild
A critical security vulnerability in the Fortinet FortiSIEM platform that allows unauthenticated attackers to execute arbitrary commands remotely. The vulnerability CVE-2025-25256, classified as CWE-78 (OS Command Injection), has been actively exploited in the wild with practical exploit code already circulating…
New Zero-Click NTLM Credential Leak Exploit Bypasses Microsoft Patch for CVE-2025-24054
Security researchers at Cymulate Research Labs have discovered a critical zero-click NTLM credential leakage vulnerability that successfully bypasses Microsoft’s security patch for CVE-2025-24054, demonstrating that the original fix was incomplete and leaving millions of Windows systems exposed to sophisticated attacks.…
Crypto-crasher Do Kwon admits guilt over failed not-so-stablecoin that erased $41 billion
Tells court ‘What I did was wrong and I want to apologize for my conduct’ Terraform Labs founder Do Kwon has pled guilty to committing fraud when promoting the so-called “stablecoin” Terra USD and now faces time in jail.… This…