CISA Alerts on Actively Exploited CrushFTP Authentication Bypass Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in CrushFTP, a popular file transfer server solution. Identified as CVE-2025-31161, the vulnerability allows attackers to bypass authentication, posing significant risks to organizations relying…

6 Reasons to Visit Check Point at RSAC 2025

The RSA Conference is where the cyber security world comes together, and this year, Check Point’s presence will be greatly felt. From breakthrough AI defenses to exclusive executive gatherings, we’re bringing innovation, insight, and hands-on experiences to the show floor.…

SAP Patches Critical Code Injection Vulnerabilities

SAP released 20 security notes on April 2025 patch day, including three addressing critical code injection and authentication bypass flaws. The post SAP Patches Critical Code Injection Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Malicious VS Code Extensions with Millions of Installs Put Developers at Risk

A sophisticated cryptomining campaign has been uncovered, targeting developers through malicious Visual Studio Code (VS Code) extensions. These extensions, masquerading as legitimate tools, have collectively accumulated over one million installations, exposing the scale of the attack. Researchers at ExtensionTotal detected…

Over 26,000 Dark Web Discussions Focused on Hacking Financial Organizations

Radware’s comprehensive research into the cybersecurity landscape has uncovered significant trends shaping the financial services industry’s vulnerabilities in 2024. The analysis, conducted across 46 deep-web hacker forums, identified over 26,000 threat actors’ discussions that revealed increasingly sophisticated cyberattack methods. The…

[UPDATE] [medium] Apache Tomcat: Multiple Vulnerabilities

A remote, anonymous attacker can exploit multiple vulnerabilities in Apache Tomcat to cause a denial-of-service condition, bypass security measures, or disclose confidential information. This article was indexed from BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Read the original…