A cryptojacking campaign is targeting exposed DevOps servers like Docker and Gitea to secretly mine cryptocurrency. Wiz researchers uncovered a cryptojacking campaign, tracked as JINX-0132, targeting exposed DevOps applications like Nomad, Consul, Docker, Gitea to secretly mine cryptocurrency. Threat actors behind the…
Category: EN
Multiple HPE StoreOnce Vulnerabilities Let Attackers Execute Malicious Code Remotely
Multiple security vulnerabilities in Hewlett-Packard Enterprise (HPE) StoreOnce software platform that could allow remote attackers to execute malicious code, bypass authentication mechanisms, and access sensitive enterprise data. The vulnerabilities affect HPE StoreOnce VSA versions prior to 4.3.11 and present significant…
Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. “By mapping where our knowledge of these actors align, we will provide security professionals with…
Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.” The changes are expected to be introduced in Chrome 139, which is scheduled…
Navigating DORA: How Sekoia.io can support your compliance journey
As the cyber threat landscape evolves and the digital landscape changes, regulatory frameworks continue to emerge, aiming to bolster the security posture of organisations, particularly in the financial sector. One such regulation is the Digital Operational Resilience Act (DORA), effective…
Nvidia ‘Plans’ Cluster Capabilities For Blackwell China Chip
Nvidia’s upcoming Blackwell-based B30 for China market planned to allow high-performance clustering even as it downgrades performance This article has been indexed from Silicon UK Read the original article: Nvidia ‘Plans’ Cluster Capabilities For Blackwell China Chip
SolarWinds Dameware Vulnerability Could Let Attackers Gain Elevated Privileges
June 3, 2025 – SolarWinds Worldwide, LLC has announced the release of Dameware 12.3.2, a critical service update focused on bug fixes, security enhancements, and library upgrades. The release, dated June 2, 2025, addresses several technical issues reported by users…
MS and CrowdStrike partner, Qualcomm bugs exploited, new CISA cut details
Microsoft and CrowdStrike partner to link threat actor names Qualcomm sees Adreno bugs under active exploitation New details on proposed CISA cuts Huge thanks to our sponsor, Conveyor Does trying to get the security questionnaire done and back to your…
Splunk Enterprise XSS Vulnerability Let Attackers Execute Unauthorized JavaScript Code
A significant security vulnerability in the Splunk Enterprise platform could allow low-privileged attackers to execute unauthorized JavaScript code through a reflected Cross-Site Scripting (XSS) flaw. The vulnerability, tracked as CVE-2025-20297, affects multiple versions of Splunk Enterprise and Splunk Cloud Platform,…
Hackers Exploit AI Tools Misconfiguration To Run Malicious AI-generated Payloads
Cybercriminals are increasingly leveraging misconfigured artificial intelligence tools to execute sophisticated attacks that generate and deploy malicious payloads automatically, marking a concerning evolution in threat actor capabilities. This emerging attack vector combines traditional configuration vulnerabilities with the power of AI-driven…
#Infosec2025: Half of Firms Suffer Two Supply Chain Incidents in Past Year
Risk Ledger found that 90% of UK professionals view supply chain cyber incidents as a top concern for 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: #Infosec2025: Half of Firms Suffer Two Supply Chain Incidents in…
Critical HPE StoreOnce Flaws Allow Remote Code Execution by Attackers
Hewlett-Packard Enterprise (HPE) has issued a critical security bulletin (HPESBST04847 rev. 1) warning users of multiple high-impact vulnerabilities in its StoreOnce Software, specifically affecting versions before 4.3.11. The vulnerabilities, if exploited, could allow attackers to bypass authentication, execute arbitrary code…
Cartier Data Breach: Luxury Retailer Warns Customers That Personal Data Was Exposed
Luxury brand Cartier disclosed a data breach in which an unauthorized party gained access to its systems and obtained some client information. The post Cartier Data Breach: Luxury Retailer Warns Customers That Personal Data Was Exposed appeared first on SecurityWeek.…
How global collaboration is hitting cybercriminals where it hurts
In this Help Net Security interview, William Lyne, Deputy Director of UK’s National Crime Agency, discusses the cybercrime ecosystem and the threats it enables. He explains how cybercrime is becoming more accessible and fragmented. Lyne also talks about key trends,…
ColoCrossing – 7,183 breached accounts
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were…
Bankers Association’s attack on cybersecurity transparency
A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity…
Vet: Open-source software supply chain security tool
Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet supports several ecosystems, including…
Development vs. security: The friction threatening your code
Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s critical that security doesn’t block or decelerate the development process or become a…
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged…
The hidden identity challenges of deploying AI agents across hybrid environments
As AI agents rapidly move from proof-of-concept to production, enterprises are running headfirst into a new set of challenges — ones that traditional identity and access management (IAM) systems simply weren’t built to solve. These agents don’t live in a…