CISA has released a comprehensive cybersecurity advisory detailing how threat actors successfully compromised a U.S. federal civilian executive branch agency’s network by exploiting CVE-2024-36401, a critical remote code execution vulnerability in GeoServer. The incident, which remained undetected for three weeks,…
Tag: EN
Kali Linux 2025.3 Released With New Features and 10 New Hacking Tools
Kali team has released Kali Linux 2025.3, the third major update of the year for the popular penetration testing and ethical hacking distribution. This release introduces 10 new tools, brings significant updates to its mobile platform, Kali NetHunter, and enhances…
Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers
Tracked as CVE-2025-59689, the command injection bug could be triggered via malicious emails containing crafted compressed attachments. The post Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Proofpoint introduces four innovations to safeguard the agentic workspace
Proofpoint announced four innovations designed to secure the agentic workspace, where people and AI agents collaborate side by side. Proofpoint’s new collaboration and data security capabilities address the risks of the agentic workspace by solving four challenges: protecting AI assistants…
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in question…
European airports restore services, CISA deals with GeoServer exploit, Jaguar Land Rover extends shutdown
European airports restoring services after system breach CISA deals with GeoServer exploit App for outing Charlie Kirk’s critics leaks personal data Huge thanks to our sponsor, Conveyor Have you been personally victimized by a questionnaire this week? The queue never…
What to expect from iPhone 17?
Apple has officially launched its new iPhone 17 lineup. The new devices that will be hitting the shelves later this month will come in four… The post What to expect from iPhone 17? appeared first on Panda Security Mediacenter. This…
Huawei’s HarmonyOS Leads Apple In China For Sixth Quarter
Huawei’s self-developed HarmonyOS leads Apple’s iOS in mainland China for sixth quarter in a row as company pushes for independence This article has been indexed from Silicon UK Read the original article: Huawei’s HarmonyOS Leads Apple In China For Sixth…
ShadowV2 Botnet Infects AWS Docker Containers to Launch DDoS Campaign
Darktrace’s latest investigation uncovered a novel campaign that blends traditional malware with modern DevOps technology. At the center of this operation lies a Python-based command-and-control (C2) framework hosted on GitHub CodeSpaces. The threat actors leverage a multi-stage Docker deployment initiated…
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium…
Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps
Cloudflare blocked a new record-breaking DDoS attack peaking at 22.2 Tbps and 10.6 billion packets per second. Cloudflare announced it has mitigated a new record-breaking distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and…
Google’s $425 Million Fine a Win for Privacy, But Will it Stick?
Google must pay $425M for violating California privacy laws by tracking 98M users despite opt-outs. A major win for data privacy, though appeals loom. The post Google’s $425 Million Fine a Win for Privacy, But Will it Stick? appeared first…
APIs and hardware are under attack, and the numbers don’t look good
Attackers have a new favorite playground, and it’s not where many security teams are looking. According to fresh data from Bugcrowd, vulnerabilities in hardware and APIs are climbing fast, even as website flaws hold steady. The shift shows how attackers…
Building a stronger SOC through AI augmentation
In this Help Net Security interview, Tim Bramble, Director of Threat Detection and Response at OpenText, discusses how SOC teams are gaining value from AI in detecting and prioritizing threats. By learning what “normal” looks like across users and systems,…
Chrome High-severity Flaws Expose Sensitive Data, Trigger System Crashes
Google has released an urgent security update for its Chrome browser, addressing three high-severity vulnerabilities that could allow attackers to leak sensitive information and cause system instability. The latest Chrome version 140.0.7339.207/.208 for Windows and Mac, and 140.0.7339.207 for Linux,…
Jaguar Land Rover Factory Reopening Delayed After Cyber Attack
Jaguar Land Rover (JLR) has announced a further delay to the reopening of its production lines following a sophisticated cyber attack. The pause in manufacturing has been extended until Wednesday, 1 October 2025, to allow the investigation to progress and…
New “YiBackdoor” Malware Lets Hackers Run Commands and Steal Data
Cybersecurity researchers at Zscaler ThreatLabz have identified a sophisticated new malware strain dubbed YiBackdoor, first detected in June 2025. This emerging threat represents a significant evolution in backdoor technology, sharing substantial code similarities with established malware families IcedID and Latrodectus.…
Nosey Parker: Open-source tool finds sensitive information in textual data and Git history
Nosey Parker is an open-source command-line tool that helps find secrets and sensitive information hidden in text files. It works like a specialized version of grep, focused on spotting things like passwords, API keys, and other confidential data. The tool…
Building AI responsibly from day one
In this Help Net Security video, David Hardoon, Global Head of AI Enablement at Standard Chartered, discusses the role of ethics and safety in AI development. He explains why principles like fairness, accountability, and transparency must be built into AI…
GitHub’s NPM Lockdown, Deep Fake Threats, and Yellowknife’s Cyber Incident: Cybersecurity Today
Cybersecurity Today: GitHub’s NPM Lockdown, Deep Fake Threats, and Yellowknife’s Cyber Incident In this episode of ‘Cybersecurity Today’, host Jim Love discusses GitHub’s response to widespread supply chain attacks in the NPM ecosystem, the alarming rise of deep fake attacks…