ConnectWise, a leading provider of software solutions for managed service providers, disclosed today that it detected suspicious activity within its environment, believed to be orchestrated by a sophisticated nation-state actor. The breach, which impacted a small number of ScreenConnect customers,…
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. “ConnectWise recently learned of suspicious activity within our…
SentinelOne Recovers: Platform Back Online After Extended Outage
On May 29, 2025, SentinelOne, a leading cybersecurity provider, experienced a significant platform outage that disrupted access to its commercial customer consoles worldwide. The incident began earlier in the day and was promptly acknowledged by SentinelOne, which communicated updates to…
Apache Tomcat CGI Servlet Flaw Enables Security Constraint Bypass
A newly disclosed vulnerability, CVE-2025-46701, has been identified in Apache Tomcat’s CGI servlet, allowing attackers to bypass security constraints under specific conditions. The flaw, announced on May 29, 2025, is rooted in the improper handling of case sensitivity within the…
Using AI to outsmart AI-driven phishing scams
Phishing scams used to be filled with awkward wording and obvious grammar mistakes. Not anymore. AI is now making it harder to distinguish what is real. According to Cofense, email-based scams surged 70% year over year, driven by AI’s ability…
Why privacy in blockchain must start with open source
Traditionally, trust came from centralized institutions. Banks, payment networks, and clearinghouses are closed systems. Users cannot see the inner workings, but they rely on external audits, government regulation, and long histories of compliance to feel secure. It’s a model that…
Cybersecurity Today: Hijacker Scams, Ransomware Attacks, and Summer Travel Threats
In this episode of Cybersecurity Today, host Jim Love covers critical updates in the world of cyber threats. The FBI warns of hijackers posing as IT support to infiltrate law firms, a Wisconsin city reveals a ransomware attack affecting…
Actionable Threat Intelligence for Mitigating Emerging Cyber Threats
As ransomware gangs, state-sponsored hackers, and AI-powered malware operators intensify their campaigns, organizations worldwide are racing to implement actionable threat intelligence frameworks that transform raw data into preemptive defense mechanisms. The global threat intelligence market, projected to reach $26.19 billion…
IT Security News Hourly Summary 2025-05-30 06h : 5 posts
5 posts were published in the last hour 3:32 : Apache Tomcat CGI Servlet Vulnerability Allows Security Constraint Bypass 3:32 : Predictive Cyber Risk Analysis Using Aggregated Threat Intelligence 3:32 : Feel Supported by Your NHI Security Team 3:32 :…
AI agents have access to key data across the enterprise
82% of organizations already use AI agents, but only 44% of organizations report having policies in place to secure them, according to SailPoint. While 53% are in the process of developing such policies, the reality is that most remain exposed…
SentinelOne Outage: Services Restored After Hours-Long Platform Disruption
SentinelOne, a leading AI-powered cybersecurity company, experienced a significant global platform outage on May 29, 2025, that affected commercial customers worldwide for approximately six hours. The incident impacted multiple services on SentinelOne’s Singularity platform, including endpoint protection, extended detection and…
Integrating Threat Intelligence into Security Operations Centers
As cyber threats grow in complexity and volume, Security Operations Centers (SOCs) increasingly leverage threat intelligence to transform their defensive strategies from reactive to proactive. Integrating Cyber Threat Intelligence (CTI) into SOC workflows has become critical for organizations that aim…
Infosec products of the month: May 2025
Here’s a look at the most interesting products from the past month, featuring releases from: Anchore, BalkanID, Cyble, groundcover, Hunted Labs, LogicGate, McAfee, Obsidian Security, Outpost24, PentestPad, ProcessUnity, Resecurity, Searchlight Cyber, SecuX, ServiceNow, ThreatMark, and Verosint. New MCP server from…
Exchange 2016, 2019 support ends soon: What IT should do to stay secure
Microsoft is ending support for Exchange Server 2016, Exchange Server 2019, and Outlook 2016 on October 14, 2025. That date might seem far off, but if you’re managing email systems or Office deployments, it’s worth paying attention to now. These…
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. “We detected and removed these campaigns before they were able to build authentic audiences on our apps,”…
Auslegungssache 135: Datenschutz im vernetzten Auto
Moderne Autos sammeln unzählige Daten über Fahrverhalten, Standorte und mehr. Doch was geschieht mit diesen Informationen und wie steht es um den Datenschutz? Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Auslegungssache 135: Datenschutz im…
Apache Tomcat CGI Servlet Vulnerability Allows Security Constraint Bypass
A new security vulnerability has been discovered in Apache Tomcat’s CGI servlet implementation that could allow attackers to bypass configured security constraints under specific conditions. The vulnerability, designated CVE-2025-46701, was disclosed on May 29, 2025, and affects multiple versions of…
Predictive Cyber Risk Analysis Using Aggregated Threat Intelligence
As cyber threats evolve at an alarming pace, organizations are increasingly turning toward predictive analytics to stay one step ahead of potential breaches. By aggregating threat intelligence from multiple sources and applying advanced predictive models, security teams are shifting from…
Feel Supported by Your NHI Security Team
Have You Considered the Strategic Importance of NHI Management? Consider this: The evolving technology has caused a seismic shift in how businesses protect their IT infrastructure. A crucial part of this protection is the effective management of Non-Human Identities (NHIs)…
Unlocking Powerful Benefits with NHIs
Is Your Organization Realizing the Powerful Benefits of NHIs? Acquiring a deep understanding of Non-Human Identities (NHIs) is pivotal for organizations striving to build solid fortifications around their data and systems. NHIs, also known as machine identities, are the unseen…
Building Trust Through Effective NHI Management
Why is Trust Crucial in NHI Management? Think about it. How much faith do we place in Non-Human Identities (NHIs) that aid in modern cybersecurity protocols? Is that trust well-founded? The role of trust in NHI management becomes key as…
Developing Collaborative Threat Intelligence Sharing Frameworks
In today’s rapidly evolving digital landscape, organizations increasingly recognize that defending against sophisticated cyber threats in isolation is no longer viable. Recent developments in collaborative threat intelligence sharing frameworks demonstrate how the cybersecurity community is uniting to combat these challenges…
ISC Stormcast For Friday, May 30th, 2025 https://isc.sans.edu/podcastdetail/9472, (Fri, May 30th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, May 30th, 2025…
U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering.” In January 2025, KrebsOnSecurity detailed…