The Chinese Advanced Persistent Threat (APT) group known as Salt Typhoon, also referred to as FamousSparrow, GhostEmperor, Earth Estries, and UNC2286, has been actively targeting critical sectors worldwide. This group has been particularly focused on telecommunications and government entities across…
CISA Alerts on Edimax IP Camera OS Command Injection Exploit
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability found in Edimax IC-7100 IP cameras. The alert centers on an OS command injection vulnerability due to improper input sanitization, which allows malicious actors…
Babuk Ransomware Group Claims Attack on Telecommunication Firm Orange
The Babuk ransomware group has recently claimed responsibility for a sophisticated cyberattack on Orange, a leading global telecommunications company. According to an exclusive interview with SuspectFile.com, Babuk exploited a zero-day vulnerability in Orange’s systems to gain initial access to the…
Linux Kernel Out-of-bounds Write Vulnerability Let Attackers Escalate Privileges
A severe vulnerability in the Linux kernel has remained undetected for nearly two decades, allowing local users to gain root privileges on affected systems. Designated as CVE-2025-0927, this out-of-bounds write vulnerability in the Linux kernel’s HFS+ filesystem driver affects systems…
NCSC Sets 2035 Deadline for Post-Quantum Cryptography Migration
New NCSC guidance sets out a three-phase migration to post-quantum cryptography, designed to ensure all systems are protected from quantum attacks by 2035 This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Sets 2035 Deadline for Post-Quantum…
PA teachers union breach, Infosys settles lawsuit, Sperm bank data theft
Attackers swipe data from Pennsylvania teachers union Infosys settles $17.5M lawsuit after third-party breach Top U.S. sperm bank discloses data breach Thanks to this week episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and…
Berlin TXL: Ein neues Stück Stadt
Der alte Flughafen Tegel in Berlin hat nach seiner Schließung eine neue Bestimmung erhalten: Auf dem riesigen Areal entstehen die Urban Tech Republic, ein Forschungs- und Industriepark für urbane Technologien, sowie das Schumacher Quartier für mehr als 10.000 Menschen. Um…
Schwerwiegende Sicherheitslücken bedrohen Serverbetriebssystem IBM AIX
Angreifer können an zwei Sicherheitslücken in IBM AIX ansetzen, um Server zu kompromittieren. Außerdem gibt es Updates für IBM License Metric Tool v9. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Schwerwiegende Sicherheitslücken bedrohen Serverbetriebssystem…
Imperva Protects Against Apache Tomcat Deserialization Vulnerability
Overview A newly disclosed vulnerability, CVE-2025-24813, affecting Apache Tomcat, has been identified as a high-risk path equivalence vulnerability that allows attackers to manipulate filenames with internal dots (.) under specific conditions, leading to unauthorized file access, modification, and potential remote…
News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk
Austin, TX, Ma. 19, 2025, CyberNewswire — The average corporate user now has 146 stolen records linked to their identity, an average 12x increase from previous estimates, reflecting a surge in holistic identity exposures. SpyCloud, the leading identity threat ……
News alert: SecPod launches ‘Saner Cloud’ — CNAPP platform for real-time, automated security
Bengaluru, India, Mar. 19, 2025, CyberNewswire — SecPod, a global cybersecurity provider, has announced the General Availability of Saner Cloud, a Cloud-Native Application Protection Platform designed to provide automated remediation and workload security across multi-cloud environments. Unlike conventional security ……
News alert: Knocknoc raises seed funding to scale its just-in-time network access control technology
Sydney, Australia, Mar. 19, 2025, CyberNewswire — Sydney-based cybersecurity software company Knocknoc has raised a seed round from US-based venture capital firm Decibel Partners with support from CoAct and SomethingReal. The funding will support go-to-market, new staff, customer onboarding and…
IT Security News Hourly Summary 2025-03-20 09h : 7 posts
7 posts were published in the last hour 7:32 : CISA Warns of NAKIVO Backup Flaw Exploited in Attacks with PoC Released 7:32 : Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates 7:13 : FBI Wants You Not…
CISA Warns of NAKIVO Backup Flaw Exploited in Attacks with PoC Released
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability in the NAKIVO Backup and Replication software, known as CVE-2024-48248. This vulnerability allows attackers to exploit an absolute path traversal flaw, enabling them to…
Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates
Kali Linux 2025.1a is now available. This release enhances existing features with improvements designed to streamline your experience. 2025 theme refresh Kali Linux 2025.1a introduces an annual theme refresh, maintaining a modern interface. This year’s update debuts a redesigned theme…
FBI Wants You Not to Fall for The Toll Road Smishing Scams
FBI has issued a public service announcement regarding the constantly increasing cases of toll road smishing scams. The Internet Crime Complaint Center (IC3) has received… The post FBI Wants You Not to Fall for The Toll Road Smishing Scams appeared…
SpyX Data Breach Exposes Personal Information of Nearly 2 Million Users
SpyX, a company known for developing spyware, has experienced a data breach that compromised the personal information of nearly 2 million users. As per a report posted by Have I been Pwned, the breach, which occurred on June 24, 2024,…
Critical Veeam Backup & Replication Vulnerability Allows Remote Execution of Malicious Code
A critical vulnerability in Veeam Backup & Replication software has been disclosed, posing a significant risk to users. This vulnerability, identified as CVE-2025-23120, allows remote code execution (RCE) by authenticated domain users. The severity of this issue is underscored by…
5 pitfalls that can delay cyber incident response and recovery
The responsibility of cyber incident response falls squarely on the shoulders of the CISO. And many CISOs invest heavily in technical response procedures, tabletop exercises and theoretical plans only to find out that when an actual breach strikes the organization…
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises…
Kali Linux 2025.1a Released: New Tools and Desktop Environment Upgrades
Kali Linux, the renowned cybersecurity-focused Linux distribution, has just ushered in the new year with the release of Kali Linux 2025.1a. This update builds upon the existing features, offering myriad enhancements and improvements designed to give users a streamlined experience.…
Linux Kernel Vulnerability Allows Attackers to Escalate Privileges via Out-of-Bounds Write
A recently discovered vulnerability in the Linux kernel, identified as CVE-2025-0927, poses a significant threat to system security. This flaw, present in the HFS+ file system driver, allows attackers to exploit an out-of-bounds write condition, potentially leading to local privilege…
Chinese military-linked companies dominate US digital supply chain
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These organizations, many of which have been designated by the US Department of Defense as “Chinese Military…
How healthcare CISOs can balance security and accessibility without compromising care
In this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. He shares insights on vendor management, zero trust, and securing the…