High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. “The attackers used spear phishing emails paired with geofenced payloads to ensure that only…
Cyberattack on Serviceaide Compromises Data of 480,000 Catholic Health Patients
Data breach at Serviceaide, Inc., a technology vendor for Catholic Health, exposed sensitive information belonging to approximately 480,000 patients. The incident, caused by an improperly secured Elasticsearch database, left names, Social Security numbers, medical records, and login credentials publicly accessible…
A security key for every employee? Yubikey-as-a-Service goes global
Yubico’s roaming authenticators can now be provisioned and delivered in 175 countries. Here’s what the service offers. This article has been indexed from Latest stories for ZDNET in Security Read the original article: A security key for every employee? Yubikey-as-a-Service…
China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks
China-linked UnsolicitedBooker used a new backdoor, MarsSnake, to target an international organization in Saudi Arabia. ESET researchers revealed that a China-linked APT, tracked as UnsolicitedBooker, targeted an international organization in Saudi Arabia using a new backdoor called MarsSnake. The experts…
23andMe and its customers’ genetic data bought by a pharmaceutical org
The bankrupt 23andMe, along with all of its genetic data, has been bought by US drugmaker Regeneron Pharmaceuticals. This article has been indexed from Malwarebytes Read the original article: 23andMe and its customers’ genetic data bought by a pharmaceutical org
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
The Likely Exploited Vulnerabilities (LEV) equations can help augment KEV- and EPSS-based remediation prioritization. The post Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Red Hat Enterprise Linux 10 helps mitigate future quantum-based threats
Red Hat Enterprise Linux 10 provides a strategic and intelligent backbone for enterprise IT to navigate complexity, accelerate innovation and build a more secure computing foundation for the future. As enterprise IT grapples with the proliferation of hybrid environments and…
Product showcase: Secure digital and physical access with the Swissbit iShield Key 2
To meet today’s complex security requirements, organizations need solutions that are not only secure, but also practical and scalable. The Swissbit iShield Key 2 offers a compelling answer by combining two critical security functions – digital authentication and physical access…
Security Flaw in WordPress Plugin Puts 22,000 Websites at Risk of Cyber Attacks
Critical security vulnerability has been discovered in Motors, a popular WordPress theme with over 22,000 sales, potentially exposing thousands of websites to complete takeover. Security researchers at Wordfence identified an unauthenticated privilege escalation vulnerability that allows attackers to change passwords…
Threat Actors Deploy Bumblebee Malware via Poisoned Bing SEO Results
A newly identified cyberattack campaign has revealed the persistent and evolving threat of Bumblebee malware, a sophisticated downloader first discovered in 2022 and linked to ransomware groups like Conti. According to a recent report by Cyjax, threat actors have orchestrated…
Cloud Security and Privacy: Best Practices to Mitigate the Risks
Cloud security refers to technologies, best practices, and safety guidelines that help to protect your data from human errors, insider and security threats. Therefore, it naturally covers a wide range of procedures, which are aimed at securing systems from data…
How to create a remote access policy, with template
Remote work, while beneficial, presents numerous security risks. Help keep your organization’s systems safe with a remote access policy. This article has been indexed from Search Security Resources and Information from TechTarget Read the original article: How to create a…
DPRK IT Workers Pose as Polish & US Nationals to Obtain Full-Stack Developer Roles
A sophisticated employment scam network linked to the Democratic People’s Republic of Korea (DPRK) has been identified targeting remote technology positions in Western companies. These threat actors are posing as Polish and US nationals to secure employment in engineering and…
Phishing Attack Prevention – Best Practices for 2025
The phishing attack landscape continues to evolve in 2025, with cybercriminals using more sophisticated techniques to bypass security measures, emphasizing the need for phishing attack prevention. Phishing remains one of the most prevalent and damaging cyber threats facing organizations worldwide.…
Adidas Data Breach – Customers’ Personal Information Exposed
Adidas Korea has announced a security breach affecting customer data, marking the second major incident in the fashion industry targeting Korean consumers this month. The sportswear giant revealed that unauthorized access was gained through a third-party customer service provider, compromising…
Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO
A sophisticated malware campaign leveraging search engine optimization (SEO) poisoning on Microsoft Bing has emerged, delivering the notorious Bumblebee malware to unsuspecting users. The campaign, identified in May 2025, specifically targets users searching for specialized software tools, demonstrating a concerning…
Ransomware attack on food distributor spells more pain for UK supermarkets
Peter Green Chilled supplies all the major UK chains It’s more bad news for UK supermarkets with chilled and frozen food distribution business Peter Green Chilled confirming a ransomware attack with customers.… This article has been indexed from The Register…
TrustCloud Raises $15 Million for Security Assurance Platform
AI-native security assurance firm TrustCloud has raised $15 million in a strategic funding round led by ServiceNow Ventures. The post TrustCloud Raises $15 Million for Security Assurance Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit
SecurityWeek’s 2025 Threat Detection & Incident Response (TDIR) Summit takes place as a virtual summit on Wednesday, May 21st. The post Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit appeared first on SecurityWeek. This article has been indexed…
[NEU] [mittel] TYPO3 Core: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in TYPO3 Core ausnutzen, um Dateien zu manipulieren, Informationen auszuspähen, Sicherheitsvorkehrungen zu umgehen, einen Denial-of-Service auszulösen oder seine Privilegien zu erweitern. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen…
[UPDATE] [mittel] GnuTLS: Schwachstelle ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in GnuTLS ausnutzen, um einen Denial of Service Angriff durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE] [mittel] GnuTLS: Schwachstelle ermöglicht…
[NEU] [hoch] TYPO3 Extensions: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in verschiedenen TYPO3 Extensions ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen und um Cross-Site Scripting Angriffe durchzuführen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den…
Compromised RVTools Installer Spreading Bumblebee Malware
RVTools installer on its official site was found delivering malware. Research shows it spread Bumblebee loader. Users urged to verify downloads. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original…
Qilin Exploits SAP Zero-Day Vulnerability Weeks Ahead of Public Disclosure
Cybersecurity experts at OP Innovate have uncovered evidence that CVE-2025-31324, a critical zero-day vulnerability in SAP NetWeaver Visual Composer, was actively exploited nearly three weeks before its public disclosure. This flaw, residing in the /developmentserver/metadatauploader endpoint, lacks proper authentication and…