Cybersecurity researchers have uncovered a dangerous new exploitation technique, dubbed the “SonicBoom Attack Chain,” which allows hackers to bypass authentication and seize administrative control over SonicWall Secure Mobile Access (SMA) appliances. This attack leverages a combination of recently disclosed vulnerabilities,…
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
Supply chain attack via 21 backdoored Magento extensions hit 500–1,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack, the experts discovered that a backdoor was hidden in 21 applications.…
TikTok Fined $600 Million for China Data Transfers That Broke EU Privacy Rules
EU privacy watchdog fined TikTok $600 million after a four-year investigation found that data transfers to China put users at risk of spying, in breach of strict EU data privacy rules. The post TikTok Fined $600 Million for China Data…
Why EASM Projects Fail: Three Pitfalls to Avoid
If you avoid the pitfalls detailed in this article, then EASM can provide a great defense against two-thirds of your breach problem. The post Why EASM Projects Fail: Three Pitfalls to Avoid appeared first on Security Boulevard. This article has…
Apache Parquet Java Vulnerability Enables Remote Code Execution
A high-severity vulnerability (CVE-2025-46762) has been discovered in Apache Parquet Java, exposing systems using the parquet-avro module to remote code execution (RCE) attacks. The flaw, disclosed by Apache Parquet contributor Gang Wu on May 2, 2025, impacts versions up to…
Trump promises protection for TikTok, for which he has a ‘warm spot in my heart’
Hails DOGE operatives for computer skills during interview in which he also flubbed some tech investment figures US President Donald Trump has said TikTok will be “very strongly protected” as the made-in-China social network has “a warm spot in my…
Beyond Traditional Vendor Management: Navigating AI Risks in the Supply Chain
There are many ways in which AI is increasing risk, extending beyond third parties to affect all aspects of our security programs. The post Beyond Traditional Vendor Management: Navigating AI Risks in the Supply Chain appeared first on Security Boulevard.…
Are You Too Reliant on Third-Party Vendors for Cybersecurity?
Protecting client data and company secrets requires vendor help and an expert IT team to monitor databases. The post Are You Too Reliant on Third-Party Vendors for Cybersecurity? appeared first on Security Boulevard. This article has been indexed from Security…
Microsoft Authenticator passkeys, StealC malware upgraded, CISA budget slashed
Microsoft ends Authenticator password autofill in favor of Edge StealC malware enhanced with stealth upgrades and data theft White House proposes cutting $491M from CISA budget Thanks to today’s episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust…
14 Years Strong: A Heartfelt Thank You from Hackers Online Club!
Hey HOC Community, Wow, can you believe it? Hackers Online Club has just completed its 14th year! That’s… The post 14 Years Strong: A Heartfelt Thank You from Hackers Online Club! appeared first on Hackers Online Club. This article has…
Microsoft to Block Emails With 550 5.7.15 Access denied Error
In a notable development that will affect numerous businesses globally, Microsoft has announced that it will commence the rejection of emails that do not adhere to strict authentication standards, resulting in the error code “550 5.7.15 Access denied.” This enforcement,…
Apache Parquet Java Vulnerability Let Attackers Execute Arbitrary Code
A new critical security vulnerability in Apache Parquet Java has been disclosed that could allow attackers to execute arbitrary code through specially crafted Parquet files. The vulnerability, tracked as CVE-2025-46762, affects all versions of Apache Parquet Java through 1.15.1. Apache…
Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data
The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. “TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and…
Signal Version Used In National Security Scandal Has Flaws
Cybersecurity Today: Disney Data Theft, Signal Gate, and Major Apple Vulnerability In this episode of Cybersecurity Today, host David Shipley discusses several key security incidents. Hacker ‘Null Bulge,’ real name Ryan Kramer, pleads guilty to stealing over 1.1 TB of…
How CISOs can talk cybersecurity so it makes sense to executives
CISOs know cyber risk is business risk. Boards don’t always see it that way. For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many feel they’re either ignored or misunderstood. But with threats growing and regulations…
New Cyber threats emerge from Cyber Attacks on UK Companies
Over the past two weeks, media outlets have been rife with speculations about a significant cyber attack affecting three major UK-based companies: Marks & Spencer, Harrods, and Co-Op. Reports suggest that cybercriminals infiltrated these organizations, resulting in severe data breaches…
The Growing Cyber Threat of Steganography: Concealing Malicious Activity in Plain Sight
In an era where cybercrime is rapidly evolving, security professionals and hackers alike have found new, innovative ways to conceal malicious activity. One of the more alarming techniques to emerge in recent years is steganography—the art and science of hiding…
NCSC Warns of Ransomware Attacks Targeting UK Organisations
National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber attacks targeting UK retailers. These incidents have prompted concerns about the evolving threat landscape, particularly regarding ransomware and data extortion techniques. The NCSC’s National Resilience Director,…
How OSINT supports financial crime investigations
In this Help Net Security interview, Stuart Clarke, CEO at Blackdot Solutions, discusses the strategic use of open-source intelligence (OSINT) in tackling financial crime. He outlines its application in areas such as fraud, sanctions evasion, and money laundering, and addresses…
IT Security News Hourly Summary 2025-05-05 06h : 4 posts
4 posts were published in the last hour 4:2 : ISC Stormcast For Monday, May 5th, 2025 https://isc.sans.edu/podcastdetail/9436, (Mon, May 5th) 4:2 : India’s chipmaking ambitions hurt by Zoho’s no-go and Adani unease 4:2 : Ransomware spike exposes cracks in…
Review: Effective Vulnerability Management
Effective Vulnerability Management offers a view of a key part of cybersecurity, showing how practices, tools, and processes can help organizations reduce risk. About the authors Chris Hughes is the President of Aquia, a cybersecurity leader with 20 years of…
Vuls: Open-source agentless vulnerability scanner
Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to solve the daily problems admins face when trying to keep servers secure. Many administrators choose not to use automatic software updates because they…
ISC Stormcast For Monday, May 5th, 2025 https://isc.sans.edu/podcastdetail/9436, (Mon, May 5th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, May 5th, 2025…
India’s chipmaking ambitions hurt by Zoho’s no-go and Adani unease
PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! PLUS: China spring cleans its AIs; South Korea fines Meta, probes Broadcom; and more! India’s ambition to become a global semiconductor manufacturing player went backwards last…
Ransomware spike exposes cracks in cloud security
90% of IT and security leaders said their organization experienced a cyberattack within the last year, according to a report by Rubrik. “Many organizations that move to the cloud assume their providers will handle security,” said Joe Hladik, Head of…
Critical Webmin Vulnerability Let Remote Attackers Escalate Privileges to Root-Level
A critical security vulnerability in Webmin, a widely-used web-based system administration tool, has been discovered, allowing remote attackers to escalate privileges and execute code with root-level access. Designated as CVE-2025-2774, this flaw poses severe risks to servers running affected versions…
Flexibility in Choosing the Right NHIs Solutions
Why is there a Need for Flexibility in Choosing the Right NHI Solutions? The need for well-rounded security measures is paramount. Undeniably, one of the key elements in crafting an effective cyber strategy revolves around Non-Human Identities (NHIs). Yet, with…