Tag: Cyber Security News

A critical vulnerability CVE-2025-42922 has been discovered in SAP NetWeaver that allows an authenticated, low-privileged attacker to execute arbitrary code and achieve a full system compromise. The flaw resides in the Deploy Web Service upload mechanism, where insufficient access control…

Read more →

Microsoft has addressed two significant elevation of privilege vulnerabilities affecting its Windows BitLocker encryption feature. The flaws, tracked as CVE-2025-54911 and CVE-2025-54912, were disclosed on September 9, 2025, and carry an “Important” severity rating. Both vulnerabilities could allow an authorized…

Read more →

Google has issued an urgent security update for the Chrome browser on Windows, Mac, and Linux, addressing a critical vulnerability that could allow attackers to execute arbitrary code remotely. Users are strongly advised to update their browsers immediately to protect…

Read more →

Workday has confirmed it suffered a data breach after a security incident involving a third-party application that compromised customer information. The breach originated from Salesloft’s Drift application, which connects to Salesforce environments. On August 23, 2025, Workday became aware of…

Read more →

Every SOC analyst knows the frustration. Your SIEM generates hundreds, sometimes thousands of alerts daily. Each alert demands attention, but with limited time and resources, how do you prioritize effectively? Investigating each alert in isolation leaves teams reactive, overwhelmed, and…

Read more →

Microsoft has released its September 2025 Patch Tuesday updates, addressing a total of 81 security vulnerabilities across its product suite. The security patches cover a wide range of software, including Windows, Microsoft Office, Azure, and SQL Server. Among the fixes…

Read more →

A new wave of phishing attacks purporting to originate from South Korea’s National Tax Service has emerged, leveraging familiar electronic document notifications to trick recipients into divulging their Naver credentials. Distributed on August 25, 2025, the email mimics the official…

Read more →

Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line that could allow a privileged attacker to execute unauthorized commands. Tracked as CVE-2024-45325, the flaw is an OS command injection vulnerability residing within the product’s command-line interface (CLI). The…

Read more →

Salat Stealer has emerged as a pervasive threat targeting Windows endpoints with a focus on harvesting browser-stored credentials and cryptocurrency wallet data. First detected in August 2025, this Go-based infostealer leverages a range of evasion tactics, including UPX packing and…

Read more →

Cybersecurity researchers have observed the emergence of a novel Android banking trojan, RatOn in recent months that seamlessly combines remote access capabilities with NFC relay technology and Automated Transfer System (ATS) functions. Initially detected in mid-July 2025, RatOn’s multi-stage architecture…

Read more →

A widespread issue with Microsoft’s anti-spam filtering service is preventing some Exchange Online and Microsoft Teams users from opening URLs, disrupting workflows across organizations. The problem, tracked under Microsoft advisory MO1148487, remains ongoing as the company works on a permanent…

Read more →

Police-issued body cameras have become ubiquitous tools for recording law enforcement encounters, yet a recent investigation has uncovered troubling design choices in a budget-friendly system that compromise both privacy and data integrity. The Viidure mobile application, designed to transfer video…

Read more →

Penetration Testing as a Service (PTaaS) is a modern evolution of traditional pentesting that combines the speed and efficiency of a platform with the skill of human ethical hackers. Unlike the time-consuming, point-in-time nature of traditional engagements, PTaaS offers a…

Read more →

Ivanti has released security updates to address two high-severity vulnerabilities in its Endpoint Manager (EPM) software that could allow remote code execution. The vulnerabilities, tracked as CVE-2025-9712 and CVE-2025-9872, affect multiple versions of the product. The company has stated that…

Read more →

External penetration testing is a crucial practice for any organization aiming to validate its security posture against real-world threats. In 2025, with the proliferation of cloud services, SaaS applications, and remote work, an organization’s external attack surface is larger and…

Read more →

Jaguar Land Rover (JLR) has extended the shutdown of its UK factories until at least Wednesday, more than a week after a significant cyber attack crippled its operations. The production halt, which began after the company detected the breach on…

Read more →

A sophisticated cyber attack has emerged targeting organizations through a malicious impersonation of DeskSoft’s legitimate EarthTime application, deploying multiple malware families in a coordinated ransomware operation. The attack represents a concerning evolution in threat actor tactics, demonstrating how legitimate software…

Read more →

A recent analysis of a Windows kernel-memory dump has provided a detailed look into a DRIVER_POWER_STATE_FAILURE, a critical error that results in a Blue Screen of Death (BSOD). The investigation reveals how a single malfunctioning driver can cause a system-wide…

Read more →

APT37, the North Korean-aligned threat actor also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has expanded its arsenal with sophisticated new malware targeting Windows systems. Active since 2012, the group primarily focuses on South Korean individuals connected to the…

Read more →

Adobe has issued an emergency security patch for a critical vulnerability in its Magento and Adobe Commerce platforms, dubbed “SessionReaper”. The vulnerability is considered one of the most severe in Magento’s history, prompting an out-of-band update on Tuesday, September 9th,…

Read more →