Security researchers have uncovered a critical SQL injection vulnerability (CVE-2025-26794) in Exim, the widely-used mail transfer agent (MTA) that powers over 60% of internet mail servers. The flaw enables authenticated attackers to execute arbitrary SQL commands through specially crafted ETRN…
10 Best DevOps Tools in 2025
The term “DevOps” is a combination of the words “development” and “operations.” Promoting the development and operation processes collectively is a cultural requirement. A single team can now manage the entire application lifecycle, including development, testing, deployment, and operations. System…
UniFi Protect Camera Vulnerability Allows Remote Code Execution Attacks
Ubiquiti Networks has issued an urgent security advisory addressing five critical vulnerabilities in its UniFi Protect camera ecosystem, including two flaws enabling unauthenticated remote code execution (RCE) attacks. The vulnerabilities, discovered during the 2025 Pwn2Own Toronto hacking competition and disclosed…
Parallels Desktop 0-Day Exploit Enables Root Privileges – PoC Released
A critical zero-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed after seven months of unresolved reporting, enabling attackers to escalate privileges to the root level on macOS systems. The proof-of-concept (PoC) exploit code demonstrates two distinct bypass…
Cisco Confirms Salt Typhoon Exploitation in Telecom Hits
Cisco Talos has been actively tracking reports of extensive intrusion attempts targeting multiple major U.S. telecommunications companies. First identified in late 2024 and subsequently confirmed by the US government, this activity is attributed to a highly advanced threat actor known…
Exim Mail Transfer Vulnerability Allows Attackers to Inject Malicious SQL
A newly disclosed vulnerability in the Exim mail transfer agent (CVE-2025-26794) has sent shockwaves through the cybersecurity community, revealing a critical SQL injection flaw that enables attackers to compromise email systems and manipulate underlying databases. The vulnerability, confirmed in Exim…
Cybercrooks Exploit URL Manipulation in Sophisticated Phishing Scam
In a newly seen phishing campaign, malicious actors have exploited URL manipulation techniques to obfuscate their malicious links, compromising businesses and individuals worldwide. Check Point researchers identified a whopping 200,000 phishing emails abusing URL information to hide phishing links, with…
Man vs. machine: Striking the perfect balance in threat intelligence
In this Help Net Security interview, Aaron Roberts, Director at Perspective Intelligence, discusses how automation is reshaping threat intelligence. He explains that while AI tools can process massive data sets, the nuanced judgment of experienced analysts remains critical. Roberts also…
US Satellites enabled with AI Tech to make them immune to Cyber Attacks
China has emerged as one of the primary geopolitical and technological adversaries of the United States, a fact widely acknowledged on the global stage. In its pursuit of dominance, China continuously competes with the West, with the satellite sector being…
How Password Managers Enhance Security in Corporate Networks
In the digital age, corporate networks face an ever-growing number of cybersecurity threats, making password management a critical component of an organization’s security strategy. Password managers serve as essential tools for improving security, streamlining access control, and reducing the risks…
Biggest Crypto Hack in History – Hackers Stolen $1.46 Billion Worth Crypto From Bybit
In what has become the largest cryptocurrency theft in history, hackers infiltrated Bybit’s Ethereum cold wallet on February 21, 2025, siphoning approximately 401,346 ETH valued at $1.46 billion. The breach, attributed to North Korea’s Lazarus Group, exploited vulnerabilities in Bybit’s…
PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability
Security researchers have disclosed critical details about CVE-2025-20029, a command injection vulnerability in F5’s BIG-IP Traffic Management Shell (TMSH) command-line interface. The flaw enables authenticated attackers with low privileges to bypass security restrictions, execute arbitrary commands, and gain root-level access to vulnerable systems.…
Why AI deployment requires a new level of governance
In this Help Net Security video, Lee Waskevich, VP of Security at ePlus, discusses how AI deployment demands enhanced governance and stricter controls, particularly in managing data. The recent ePlus AI Readiness survey revealed that the top data concerns among…
Misconfig Mapper: Open-source tool to uncover security misconfigurations
Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security…
Google Introduces Quantum-Safe Digital Signatures in Cloud KMS
Google Cloud has unveiled a critical cybersecurity upgrade: quantum-safe digital signatures via its Key Management Service (Cloud KMS), now available in preview. This move aligns with the National Institute of Standards and Technology’s (NIST) 2024 post-quantum cryptography (PQC) standards, offering developers tools…
Cutting Through the Noise: Smart Deduplication for Stronger Cybersecurity
2025 promises to be a big year in cybersecurity—for all the wrong reasons. While many are familiar with the projection that cybercrime will cost $10.5 trillion, Forrester’s updated report projects the costs will likely be closer to $12 trillion. To…
Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack
Cryptocurrency exchange Bybit on Friday revealed that a “sophisticated” attack led to the theft of over $1.5 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. “The…
Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps
PLUS: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more Infosec in brief Apple has responded to the UK government’s demand for access to its customers’ data stored in iCloud by deciding to turn off its Advanced Data…
Record Breaking Crypto Hack – Attackers Stolen $1.46 Billion From Bybit Exchange
Attackers infiltrated Bybit Exchange’s Ethereum cold wallet infrastructure to steal $1.46 billion in digital assets through sophisticated interface manipulation and social engineering tactics. The incident represents the largest theft from a centralized crypto exchange since Mt. Gox’s 2014 collapse, exposing…
IT Security News Hourly Summary 2025-02-24 03h : 2 posts
2 posts were published in the last hour 2:4 : ISC Stormcast For Monday, February 24th, 2025 https://isc.sans.edu/podcastdetail/9336, (Mon, Feb 24th) 1:32 : The best travel VPNs of 2025: Expert tested and reviewed
ISC Stormcast For Monday, February 24th, 2025 https://isc.sans.edu/podcastdetail/9336, (Mon, Feb 24th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, February 24th, 2025…
The best travel VPNs of 2025: Expert tested and reviewed
You should use a VPN whenever you travel. These are the best VPNs for use on the road based on their networks, security, and speed. This article has been indexed from Latest stories for ZDNET in Security Read the original…
Confluence Exploit Leads to LockBit Ransomware
Key Takeaways Case Summary The intrusion started with the exploitation of CVE-2023-22527, a critical remote code execution vulnerability in Confluence, against a Windows server. The first indication of threat actor … Read More This article has been indexed from The…
Trump 2.0 Brings Cuts to Cyber, Consumer Protections
One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling…