The API testing firm took down a database exposed to the internet without a password. This article has been indexed from Security News | TechCrunch Read the original article: API testing firm APIsec exposed customer data during security lapse
Category: EN
Gen Z’s Rising Susceptibility to Social Engineering Attacks
Gen Z, or individuals born between 1997 and 2012, have certain types of lifestyles, upbringings and character traits that make them ideal for social engineering exploitation. The post Gen Z’s Rising Susceptibility to Social Engineering Attacks appeared first on Security…
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water…
Elon Musk’s xAI Buys Social Media Platform X
Elon Musk sells social media platform X to his AI start-up xAI in a move to combine resources, share AI-fuelled market value with X investors This article has been indexed from Silicon UK Read the original article: Elon Musk’s xAI…
Announcing EFF’s New Exhibit on Border Surveillance and Accompanying Events
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> EFF has created a traveling exhibit, “Border Surveillance: Places, People, and Technology,” which will make its debut at the Angel Island Immigration Station historical site this spring.…
Check Point confirms breach, but says it was ‘old’ data and crook made ‘false’ claims
Explanation leaves a ‘lot of questions unanswered,’ says infosec researcher A digital burglar is claiming to have nabbed a trove of “highly sensitive” data from Check Point – something the American-Israeli security biz claims is a huge exaggeration.… This article…
20,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP Ultimate CSV Importer WordPress Plugin
On March 5th, 2025, we received a submission for an Arbitrary File Upload and an Arbitrary File Deletion vulnerability in WP Ultimate CSV Importer, a WordPress plugin with more than 20,000 active installations. The arbitrary file upload vulnerability can be…
Technical Analysis Published for OpenSSH’s Agent Forwarding RCE Vulnerability
Security researchers have published a detailed technical analysis of a critical remote code execution (RCE) vulnerability (CVE-2023-38408) in OpenSSH’s agent forwarding feature that was disclosed in July 2023. The Qualys Threat Research Unit discovered the vulnerability, which affected all OpenSSH…
EFF Installs Border Technology Exhibit at Angel Island Immigration Station
Exhibit Encourages Visitors to Consider the Past and Present of U.S. Border Policy < div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> SAN FRANCISCO—The Electronic Frontier Foundation (EFF) has installed a photographic and informational exhibit on…
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot. Through a series of prompts, we identified and refined…
Zoom software leading to BlackSuit Ransomware drop on Windows
Zoom, the popular video conferencing software widely used by businesses across the globe for meetings and virtual collaboration, has recently made headlines—but not for the reasons you might expect. The company has found itself linked to an alarming rise in…
Developers Face a Challenge with Fake Hiring That Steals Private Data
Cyble threat intelligence researchers discovered a GitHub repository posing as a hiring coding challenge, tricking developers into downloading a backdoor that steals private data. The campaign employs a variety of novel approaches, including leveraging a social media profile for…
VanHelsing Ransomware Strikes Windows ARM and ESXi Platforms
As part of an ongoing analysis of ransomware-as-a-service operations, a new operation known as VanHelsing has been identified. This operation demonstrates a sophisticated multi-platform capability, posing a significant cybersecurity threat. This new strain of ransomware is designed to be…
Connor Moucka Extradited to U.S. for Snowflake Data Breaches Targeting 165 Companies
Connor Moucka, a Canadian citizen accused of orchestrating large-scale data breaches affecting 165 companies using Snowflake’s cloud storage services, has agreed to be extradited to the United States to face multiple federal charges. The breaches, which targeted high-profile companies…
New innovations in Microsoft Purview for protected, AI-ready data
Microsoft Purview delivers a comprehensive set of solutions that help customers seamlessly secure and confidently activate data in the era of AI. The post New innovations in Microsoft Purview for protected, AI-ready data appeared first on Microsoft Security Blog. This…
New Malware Variant RESURGE Exploits Ivanti Vulnerability
CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282 This article has been indexed from www.infosecurity-magazine.com Read the original article: New Malware Variant RESURGE Exploits Ivanti Vulnerability
AWS WAF Classic vs WAFV2: Features and Migration Considerations
Amazon Web Services Web Application Firewall (AWS WAF) protects web programs against widespread vulnerabilities including SQL injection and cross-scriptability. Amazon Web Services WAFV2, a new WAF Classic service, introduces with it increased agility, elasticity, and operational efficiency. In this article,…
New Ubuntu Security Bypasses Allow Attackers to Exploit Kernel Vulnerabilities
Three critical bypasses in Ubuntu Linux’s unprivileged user namespace restrictions allow local attackers to escalate privileges and exploit kernel vulnerabilities. These bypasses affect Ubuntu 23.10 and 24.04 LTS systems, where AppArmor-based protections were introduced to limit namespace misuse. While not…
Multiple Dell Unity Vulnerabilities Let Attackers Compromise Affected System
Dell Technologies has released a critical security update addressing multiple severe vulnerabilities in its Unity enterprise storage systems that could allow attackers to execute arbitrary commands as root, delete critical system files, and perform other malicious activities without authentication. Security…
CrushFTP Vulnerability Exploited to Gain Full Server Access
A critical vulnerability (CVE-2025-2825) in CrushFTP, a widely used enterprise file transfer solution, allows attackers to bypass authentication and gain unauthorized server access. The vulnerability, which affects versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0, received a CVSS score of…