Trend Micro researchers have uncovered a novel ransomware family dubbed Charon, deployed in a sophisticated campaign targeting the public sector and aviation industry in the Middle East. This operation employs advanced persistent threat (APT)-style techniques, including DLL sideloading via a…
Your Windows PC has a secretly useful backup tool – here’s how to access it
Looking for a traditional yet flexible program to back up your personal files? Windows has a built-in tool that you can take advantage of. This article has been indexed from Latest news.
Fortinet SSL VPNs getting hammered, The Netherlands critical infrastructure compromise, Africa the most targeted for cyber attacks
The hits just keep on coming. Where’s the Little Dutch Boy when you need him? I felt the ransomware down in Africa. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like…right…
IT Security News Hourly Summary 2025-08-13 09h : 4 posts
4 posts were published in the last hour:
6:34 : Ransomware crew spills Saint Paul’s 43GB of secrets after city refuses to cough up cash
6:34 : AWS CISO explains how cloud-native security scales with your business
6:34 : Charon…
This new Wyze security camera promises to eliminate blind spots for $70
The new Wyze Duo Cam Pan is a motion-tracking, pan-tilt camera that can surveil your home inside and out. This article has been indexed from Latest news.
WinRAR Zero-Day Exploited by Russian-Linked Hackers RomCom and Paper Werewolf
Older WinRAR versions let malicious archives override the user-specified path via crafted archives, enabling stealthy system compromise. This article has been indexed from Security | TechRepublic.
Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach
Hackers leaked 2.8M sensitive records from Allianz Life, exposing data on business partners and customers in ongoing Salesforce data theft attacks. Hackers leaked 2.8 million sensitive records of US insurance giant Allianz Life, exposing data on business partners and customers…
CVE-2017-11882 Will Never Die, (Wed, Aug 13th)
One of the key messages broadcast by security professionals is: “Patch, patch and patch again!”. But there are nasty vulnerabilities that remain exploited by attackers even if they are pretty old. CVE-2017-11882 is one of them: this remote code execution…
Malicious npm Package Lures Job Seekers and Exfiltrates Sensitive Data
A self-proclaimed Ukrainian Web3 team targeted a community member during an interview’s first round by instructing them to clone and run a GitHub repository named EvaCodes-Community/UltraX. Suspecting foul play, the individual contacted the SlowMist security team, who conducted a thorough…
I installed Linux on this mini PC – here’s how it transformed my workflow (for the better)
If you only have space for a tiny PC, but don’t want to skimp on power, Geekcom has a great option for you. This article has been indexed from Latest news.
Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025
APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering $2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional…
KnowBe4 refreshes brand after 15 years
KnowBe4, the cybersecurity platform that comprehensively addresses human risk management (HRM), today unveiled a bold new brand with what it claims to be “an innovative new vision for the future of the company.” The refreshed identity reflects KnowBe4’s leadership in…
Critical FortiSIEM Vulnerability Lets Attackers Execute Malicious Commands – PoC Found in the Wild
A critical security vulnerability in the Fortinet FortiSIEM platform allows unauthenticated attackers to execute arbitrary commands remotely. The vulnerability CVE-2025-25256, classified as CWE-78 (OS Command Injection), has been actively exploited in the wild with practical exploit code already circulating among…
Multiple Chrome High-Severity Vulnerabilities Let Attackers Execute Arbitrary Code
Google Chrome has released a critical security update addressing six vulnerabilities that could potentially enable arbitrary code execution on affected systems. The stable channel update to version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux, contains patches for multiple…
ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities
August 2025 ICS Patch Tuesday advisories have been published by Siemens, Schneider, Aveva, Honeywell, ABB and Phoenix Contact. The post ICS Patch Tuesday: Major Vendors Address Code Execution Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Ransomware crew spills Saint Paul’s 43GB of secrets after city refuses to cough up cash
Minnesota’s capital is the latest to feature on Interlock’s leak blog after late-July cyberattack. The Interlock ransomware gang has flaunted a 43GB haul of files allegedly stolen from the city of Saint Paul, following a late-July cyberattack that forced the…
AWS CISO explains how cloud-native security scales with your business
In this Help Net Security interview, Amy Herzog, CISO at AWS, discusses how cloud-native security enables scalable, flexible protection that aligns with how teams build in the cloud. She explains the Shared Responsibility Model and the tools and processes that…
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those…
Urgent Vulnerabilities: Patching Exchange, Citrix, and Fortinet
In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain…
Critical FortiSIEM Vulnerability Allows Attackers to Execute Malicious Commands, PoC Found in the Wild
Security researchers have discovered a critical vulnerability in Fortinet’s FortiSIEM platform that enables remote attackers to execute unauthorized commands without authentication. The flaw, tracked as CVE-2025-25256, has achieved a maximum CVSS score of 9.8 and poses an immediate threat to…
FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User
A critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices. The flaw, tracked as CVE-2025-52970 and dubbed “Fort-Majeure” by its discoverer, stems…
Chrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code Execution
Google has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code execution on affected systems. The stable channel update, version 139.0.7258.127/.128 for Windows and Mac, and…
Critical FortiSIEM Vulnerability Let Attackers to Execute Malicious Commands – PoC Found in Wild
A critical security vulnerability in the Fortinet FortiSIEM platform allows unauthenticated attackers to execute arbitrary commands remotely. The vulnerability CVE-2025-25256, classified as CWE-78 (OS Command Injection), has been actively exploited in the wild with practical exploit code already circulating…
New Zero-Click NTLM Credential Leak Exploit Bypasses Microsoft Patch for CVE-2025-24054
Security researchers at Cymulate Research Labs have discovered a critical zero-click NTLM credential leakage vulnerability that successfully bypasses Microsoft’s security patch for CVE-2025-24054, demonstrating that the original fix was incomplete and leaving millions of Windows systems exposed to sophisticated attacks.…