DefectDojo launched risk-based prioritization capabilities for DefectDojo Pro. This new feature enables application and infrastructure security teams to prioritize vulnerabilities based on real-world risk—not just severity scores—using a range of factors including exploitability, reachability, revenue impact, potential compliance penalties, user…
Category: EN
Scattered Spider Launches Supply Chain Attacks on UK Retail Organizations
Scattered Spider, also known as Roasting 0ktapus and Scatter Swine, has emerged as a formidable threat actor targeting UK retail organizations. Active since May 2022, this financially motivated group has historically focused on telecommunications and business process outsourcing (BPO) sectors…
F5 BIG-IP Vulnerability Allows Remote Command Execution
Critical security vulnerability in F5 BIG-IP systems has been discovered that allows authenticated administrators to execute arbitrary system commands, effectively bypassing security boundaries. Identified as CVE-2025-31644, the command injection flaw affects multiple versions of BIG-IP running in Appliance mode. Security…
Four Hackers Caught Exploiting Old Routers as Proxy Servers
U.S. authorities unsealed charges against four foreign nationals accused of operating a global cybercrime scheme that hijacked outdated wireless routers to create malicious proxy networks. Russian nationals Alexey Viktorovich Chertkov (37), Kirill Vladimirovich Morozov (41), Aleksandr Aleksandrovich Shishkin (36), and…
Moldovan Police arrested a 45-year-old foreign man participating in ransomware attacks on Dutch companies
A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks on Dutch companies in 2021. Moldovan police arrested a 45-year-old foreign man as a result of a joint international operation involving Moldovan and Dutch authorities.…
Advancing Cybersecurity in Australia
Palo Alto Networks Prisma Access Browser Achieves IRAP Assessment Government organisations and critical infrastructure entities are the custodians of some of the most important and sensitive data in the world. This data … The post Advancing Cybersecurity in Australia appeared…
AI Agents: Transformative or Turbulent?
Described as revolutionary and disruptive, AI agents are the new cornerstone of innovation in 2025. But as with any technology standing on the cutting edge, this evolution isn’t without its trade-offs. Will this new blend of intelligence and autonomy really…
SAP Patches Another Critical NetWeaver Vulnerability
SAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability. The post SAP Patches Another Critical NetWeaver Vulnerability appeared first on SecurityWeek. This article has been indexed…
Marks & Spencer confirms customers’ personal data was stolen in hack
A ransomware gang reportedly took credit for the data breach. This article has been indexed from Security News | TechCrunch Read the original article: Marks & Spencer confirms customers’ personal data was stolen in hack
Top 5 Takeaways from RSAC 2025: INE Security Alert
Comprehensive Training Platform Delivers Solutions for AI Security, Cloud Management, and Incident Response Readiness. Fresh from a high-impact presence at RSAC 2025, where INE Security welcomed thousands of visitors to its interactive booth at San Francisco’s Moscone Center, the global cybersecurity training…
Researchers Uncovered North Korean Nationals Remote IT Worker Fraud Scheme
In a significant cybersecurity investigation, researchers have revealed an elaborate fraud scheme orchestrated by North Korean nationals who used stolen identities to secure remote IT positions at US-based companies and nonprofits. According to a December 2024 US indictment, fourteen North…
SAP May 2025 Patch Tuesday – Patch for Actively Exploited 0-Day & 15 Vulnerabilities
SAP’s May 2025 Security Patch Day includes an urgent update to the previously released emergency patch for a critical zero-day vulnerability (CVE-2025-31324) that continues to see active exploitation across multiple industries globally. The release includes 16 new Security Notes and…
North Korean Hackers Leveraging Academic Forum Invitation & Dropbox to Deliver Malware
In March 2025, a sophisticated spear phishing campaign attributed to the North Korean state-sponsored hacking group APT37 has been targeting activists focused on North Korean affairs. The attackers crafted convincing emails disguised as invitations to academic forums from a South…
Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023
The Radware Cloud WAF product vulnerabilities disclosed by CERT/CC were addressed two years ago. The post Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Hackers Abuse PyInstaller to Deploy Stealthy macOS Infostealer
Jamf Threat Labs has identified a novel macOS infostealer that exploits PyInstaller, a legitimate open-source tool used to bundle Python scripts into standalone Mach-O executables. This marks the first documented instance of PyInstaller being weaponized to deploy infostealers on macOS,…
Court Rules Against NSO Group
The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I’m sure it’ll…
Marks & Spencer Says Data Stolen in Ransomware Attack
Marks & Spencer has confirmed that personal information was stolen in a recent cyberattack claimed by a ransomware group. The post Marks & Spencer Says Data Stolen in Ransomware Attack appeared first on SecurityWeek. This article has been indexed from…
CISO Survey Surfaces Shift in Application Security Responsibilities
A global survey of 200 CISOs suggests responsibility for application security is shifting more toward the teams building and deploying software. The post CISO Survey Surfaces Shift in Application Security Responsibilities appeared first on Security Boulevard. This article has been…
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is…
Deepfake Defense in the Age of AI
The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let’s review the status of these rising attacks,…