APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering $2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional…
KnowBe4 refreshes brand after 15 years
KnowBe4, the cybersecurity platform that comprehensively addresses human risk management (HRM), today unveiled a bold new brand with what it claims to be “an innovative new vision for the future of the company.” The refreshed identity reflects KnowBe4’s leadership in…
Critical FortiSIEM Vulnerability Lets Attackers Execute Malicious Commands – PoC Found in the Wild
A critical security vulnerability in the Fortinet FortiSIEM platform allows unauthenticated attackers to execute arbitrary commands remotely. The vulnerability CVE-2025-25256, classified as CWE-78 (OS Command Injection), has been actively exploited in the wild with practical exploit code already circulating among…
Multiple Chrome High-Severity Vulnerabilities Let Attackers Execute Arbitrary Code
Google Chrome has released a critical security update addressing six vulnerabilities that could potentially enable arbitrary code execution on affected systems. The stable channel update to version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux, contains patches for multiple…
ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities
August 2025 ICS Patch Tuesday advisories have been published by Siemens, Schneider, Aveva, Honeywell, ABB and Phoenix Contact. The post ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Ransomware crew spills Saint Paul’s 43GB of secrets after city refuses to cough up cash
Minnesota’s capital is the latest to feature on Interlock’s leak blog after late-July cyberattack The Interlock ransomware gang has flaunted a 43GB haul of files allegedly stolen from the city of Saint Paul, following a late-July cyberattack that forced the…
AWS CISO explains how cloud-native security scales with your business
In this Help Net Security interview, Amy Herzog, CISO at AWS, discusses how cloud-native security enables scalable, flexible protection that aligns with how teams build in the cloud. She explains the Shared Responsibility Model and the tools and processes that…
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those…
Urgent Vulnerabilities: Patching Exchange, Citrix, and Fortinet
In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain…
Critical FortiSIEM Vulnerability Allows Attackers to Execute Malicious Commands, PoC Found in the Wild
Security researchers have discovered a critical vulnerability in Fortinet’s FortiSIEM platform that enables remote attackers to execute unauthorized commands without authentication. The flaw, tracked as CVE-2025-25256, has achieved a maximum CVSS score of 9.8 and poses an immediate threat to…
FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User
A critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices. The flaw, tracked as CVE-2025-52970 and dubbed “Fort-Majeure” by its discoverer, stems…
Chrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code Execution
Google has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code execution on affected systems. The stable channel update, version 139.0.7258.127/.128 for Windows and Mac, and…
Critical FortiSIEM Vulnerability Let Attackers to Execute Malicious Commands – PoC Found in Wild
A critical security vulnerability in the Fortinet FortiSIEM platform that allows unauthenticated attackers to execute arbitrary commands remotely. The vulnerability CVE-2025-25256, classified as CWE-78 (OS Command Injection), has been actively exploited in the wild with practical exploit code already circulating…
New Zero-Click NTLM Credential Leak Exploit Bypasses Microsoft Patch for CVE-2025-24054
Security researchers at Cymulate Research Labs have discovered a critical zero-click NTLM credential leakage vulnerability that successfully bypasses Microsoft’s security patch for CVE-2025-24054, demonstrating that the original fix was incomplete and leaving millions of Windows systems exposed to sophisticated attacks.…
Crypto-crasher Do Kwon admits guilt over failed not-so-stablecoin that erased $41 billion
Tells court ‘What I did was wrong and I want to apologize for my conduct’ Terraform Labs founder Do Kwon has pled guilty to committing fraud when promoting the so-called “stablecoin” Terra USD and now faces time in jail.… This…
Product showcase: Apricorn Aegis NVX, a high-security, portable SSD
The Apricorn Aegis NVX is a hardware-based 256-Bit AES XTS external SSD drive with integrated USB-C cable. Its storage capacities range from 500GB to 2TB. The device is OS free and cross-platform compatible. Design and build The drive comes with…
IT Security News Hourly Summary 2025-08-13 06h : 1 posts
1 posts were published in the last hour 4:3 : Microsoft Patches Over 100 Vulnerabilities
Microsoft Teams RCE Flaw Allows Hackers to Read, Modify, and Delete Messages
Microsoft has disclosed a critical remote code execution vulnerability in Microsoft Teams that could allow attackers to execute malicious code and potentially access, modify, or delete user messages. The vulnerability, tracked as CVE-2025-53783, was published on August 12, 2025, and…
Adobe Patches Over 60 Vulnerabilities Across 13 Products
Adobe’s security updates fix vulnerabilities in Commerce, Substance, InDesign, FrameMaker, Dimension and other products. The post Adobe Patches Over 60 Vulnerabilities Across 13 Products appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Adobe…
How to build and grow a scalable vCISO practice as an MSP
The cybersecurity needs of small and midsize businesses have reached a critical point. Compliance mandates, increasing ransomware attacks, and cyber insurance requirements are driving demand for expert guidance. Yet, hiring a full-time Chief Information Security Officer (CISO) remains out of…
How Protected Are Your Secrets in the Cloud?
Are Your Machine Identities and Secrets Secure in a Cloud Environment? Security is paramount. With the advent of cloud technology takes hold, businesses are forced to navigate a complex web of cybersecurity risks. But what happens when these risks extend…
Feel Reassured with Advanced NHI Lifecycle Management
Why does NHI Lifecycle Management matter? Have you ever considered how secure your cloud operating environment is? Or perhaps you’ve pondered the safety of your organization’s sensitive data located in the cloud. With the rise in digital transformation and cloud…
Are Your Cloud APIs Safe from Identity Breaches?
Managing Non-Human Identities: An Essential Element in Cloud Security? Why is the security of Non-Human Identities (NHIs) emerging as a vital component in cybersecurity? With enterprises increasingly adopt cloud technologies, the responsibility of securing machine identities and the secrets they…
CISOs face a complex tangle of tools, threats, and AI uncertainty
Most organizations are juggling too many tools, struggling with security blind spots, and rushing into AI adoption without governance, according to JumpCloud. he average organization now uses more than nine tools to manage core IT functions. That is fueling a…