UK government minister Pat McFadden said during CYBERUK that the incidents affecting M&S, Co-op and Harrods show that cybersecurity is a necessity This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government Warns Retail Attacks Must Serve…
Category: EN
Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits
The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command injection vulnerabilities in discontinued GeoVision Internet of Things (IoT) devices. The vulnerabilities, tracked as CVE-2024-6047 and CVE-2024-11120, were initially disclosed in June and November 2024, respectively,…
NSO Group must pay WhatsApp over $167M in damages for attacks on its users
NSO Group must pay WhatsApp over $167M in damages for a 2019 hack targeting 1,400+ users, per U.S. jury ruling after a five-year legal battle. A U.S. jury ordered NSO Group to pay WhatsApp over $167M for using Pegasus spyware…
Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day
At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft. The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeType, an open-source software library that…
Second OttoKit Vulnerability Exploited to Hack WordPress Sites
Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges. The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Talent Shortages Bite as 80% of UK Firms Hit with AI Threats
Half of UK firms have over 10 cyber positions unfilled, according to Cisco This article has been indexed from www.infosecurity-magazine.com Read the original article: Talent Shortages Bite as 80% of UK Firms Hit with AI Threats
Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal
During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we’ve named NETXLOADER. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article:…
IBM Cognos Analytics Security Vulnerability Allowed Unauthorized File Uploads
IBM has issued a security bulletin addressing two newly discovered, high-severity vulnerabilities in its Cognos Analytics platform. These flaws, tracked as CVE-2024-40695 (Malicious File Upload) and CVE-2024-51466 (Expression Language Injection), potentially expose enterprise systems to unauthorized file uploads and the risk of sensitive data…
Chrome Security Patch Addresses WebAudio Vulnerability Allowing Code Execution
Google has released a critical security update for Chrome, addressing a vulnerability that could allow attackers to execute malicious code through the browser’s WebAudio component. According to an announcement published on Tuesday, May 6, 2025, the stable channel has been…
Mirai Botnet Actively Exploiting GeoVision IoT Devices Command Injection Vulnerabilities
The cybersecurity landscape has once again been disrupted by the resurgence of the notorious Mirai botnet, which has been actively exploiting command injection vulnerabilities in discontinued GeoVision Internet of Things (IoT) devices. This latest campaign leverages two critical vulnerabilities-CVE-2024-6047 and…
160-Year-Old Haulage Firm Folds Following Cyber-Attack: Director Sounds Alarm
A devastating ransomware attack has forced Knights of Old, a 160-year-old haulage firm based in Kettering, Northamptonshire, into administration, resulting in 730 job losses and prompting a stark warning from its director to other businesses. Paul Abbott, who served on…
Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan. The package in question is discordpydebug, which was uploaded to PyPI on…
Critical AWS Amplify Studio Flaw Allowed Attackers to Execute Arbitrary Code
Amazon Web Services (AWS) has addressed a critical security flaw (CVE-2025-4318) in its AWS Amplify Studio platform, which could have allowed authenticated attackers to execute malicious JavaScript code during component rendering. The vulnerability, publicly disclosed on May 5, 2025, affects the amplify-codegen-ui package, a…
Essential Cybersecurity Controls (ECC-1:2018) – A Comprehensive Guide
Cybersecurity threats continue to evolve, posing very real risks to organizations, and nowhere is this risk more pronounced than in entities that handle a nation’s critical infrastructure, as these attacks put public health and safety at risk, harm the environment,…
US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations
The US government warns of threat actors targeting ICS/SCADA systems at oil and natural gas organizations. The post US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Blue Shield health data of nearly 5 million Californians leaked to Google
Last month, Blue Shield of California began notifying its customers that the health data of approximately 4.7 million patients had been leaked to Google. The… The post Blue Shield health data of nearly 5 million Californians leaked to Google appeared…
U.S. CISA adds FreeType flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a FreeType flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog.…
MIWIC25: Kiranjit Kaur Shergill, Developer at Barclays
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected…
Severe Kibana Flaw Allowed Attackers to Run Arbitrary Code
A newly disclosed security vulnerability in Elastic’s Kibana platform has put thousands of businesses at risk, with attackers able to execute arbitrary code on vulnerable systems. The flaw, identified as CVE-2025-25014, carries a critical CVSS score of 9.1, underscoring the urgency for…