A security researcher identified as Remy disclosed a critical vulnerability discovered during a YesWeHack bug bounty engagement. The researcher uncovered exposed OAuth credentials that granted unrestricted access to sensitive user data, demonstrating how a seemingly minor misconfiguration can lead to…
Category: EN
Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code
A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered, enabling remote attackers to execute arbitrary code on unpatched systems. Tracked as CVE-2025-29953, this flaw carries a high CVSS score of 8.1 and impacts all versions of…
North Korea Stole Your Job
For years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious—and effective—than ever. This article has been indexed from Security Latest Read the original article: North Korea Stole Your…
TehetségKapu – 54,357 breached accounts
In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames. This article has been indexed from Have I…
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. The vulnerabilities in question are listed below – CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements…
Scattered Spider extradition, Telecom hack warnings, Impersonation scammer takedown
Alleged ‘Scattered Spider’ member extradited to U.S. Experts see little progress after major Chinese telecom hack Polish police take down impersonation scammers Thanks to today’s episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity…
Steganography Analysis With pngdump.py: Bitstreams, (Thu, May 1st)
A friend asked me if my pngdump.py tool can extract individual bits from an image (cfr. diary entry “Steganography Analysis With pngdump.py”). This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Steganography Analysis…
Tackling the No. 1 CISO budget item with a SIEM transformation
One of the most prevalent concerns for security leaders is cost – namely, how they can work within their budget and still keep their organization protected. Business leaders understand that security is important, but security leaders are still grappling with…
Preparing for the next wave of machine identity growth
Machine identities are multiplying fast, and many organizations are struggling to keep up. In this Help Net Security interview, Wendy Wu, CMO at SailPoint, explains why machine identity security matters, where most companies go wrong, how automation can help, and…
Why SMEs can no longer afford to ignore cyber risk
In this Help Net Security interview, Steven Furnell, Professor of Cyber Security at the University of Nottingham, illustrates how small and medium-sized businesses (SMEs) must reassess their risk exposure and prioritize resilience to safeguard their long-term growth and stability. Learn…
Cyber Attack on British Co-Operative Group
The Co-Operative Group, commonly known as Co-Op, has issued an official statement confirming that some of its systems were recently targeted in a cyber attack. The retailer, which operates in a variety of sectors including food retail, funeral services, and…
FBI Uncovers 42,000 Phishing Domains Tied to LabHost PhaaS Operation
The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains associated with the notorious LabHost phishing-as-a-service (PhaaS) platform. This operation, which spanned from November 2021 through April 2024, was recently disabled by law enforcement and had…
Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment
Commvault, a global leader in data protection and information management, has confirmed that a sophisticated cyberattack involving a zero-day vulnerability breached its Azure cloud environment earlier this week. The breach, attributed to a suspected nation-state threat actor, underscores the evolving…
SonicWall OS Command Injection Vulnerability Exploited in the Wild
SonicWall has issued an urgent warning to customers that threat actors are actively exploiting a high-severity command injection vulnerability in its Secure Mobile Access (SMA) appliances. The vulnerability, tracked as CVE-2023-44221, was initially disclosed in December 2023 but has recently…
Anthropic Report Sheds Light on Emerging Threats from Generative AI Misuse
The cybersecurity landscape faces unprecedented challenges as artificial intelligence systems become increasingly weaponized by malicious actors. A groundbreaking report released on April 24, 2025, by Anthropic titled “Detecting and Countering Malicious Uses of Claude: March 2025” has revealed concerning patterns…
Hijacking NodeJS’ Jenkins Agents For Remote Code Execution
Security researchers recently uncovered a critical vulnerability in Node.js’s continuous integration infrastructure that allowed attackers to execute malicious code on internal Jenkins agents, potentially leading to a devastating supply chain attack. When multiple DevOps platforms work together to execute pipelines…
Hottest cybersecurity open-source tools of the month: April 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. GoSearch: Open-source OSINT tool for uncovering digital footprints GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific…
Tor Browser 14.5.1 Released with Enhanced Security and New Features
The Tor Project has announced the official release of Tor Browser 14.5.1, introducing a host of security improvements and new features designed to bolster privacy and ease of use for millions around the globe. The new version is now available…
Top solutions to watch after RSAC 2025
RSAC 2025 showcased a wave of innovation, with vendors unveiling technologies poised to redefine cybersecurity. From AI-powered defense to breakthroughs in identity protection, this year’s conference delivered a glimpse into the future. Here are the most interesting products that caught…
AI and GPUs Make Your Passwords Easier to Crack: A Study
How AI and GPUs are revolutionizing password cracking. Learn how to safeguard your passwords with effective strategies. Read more! The post AI and GPUs Make Your Passwords Easier to Crack: A Study appeared first on Security Boulevard. This article has…