A critical security vulnerability affecting Apache DolphinScheduler’s default permission system has been identified and patched, prompting urgent update recommendations from the Apache Software Foundation. The vulnerability, which stems from overly permissive default configurations in the popular workflow scheduling platform, allows…
Tag: EN
New Dire Wolf Ransomware Attack Windows Systems, Deletes Event Logs and Backup-Related Data
A sophisticated new ransomware strain known as Dire Wolf has emerged as a significant threat to organizations worldwide, combining advanced encryption techniques with destructive anti-recovery capabilities. The malware group first appeared in May 2025 and has since targeted 16 organizations…
1,100 Ollama AI Servers Exposed to Internet With 20% of Them are Vulnerable
A comprehensive security investigation has uncovered a disturbing reality in the artificial intelligence infrastructure landscape: more than 1,100 instances of Ollama, a popular framework for running large language models locally, have been discovered exposed directly to the internet. This widespread…
Mis-issued TLS Certificates for 1.1.1.1 DNS Service Enable Attackers to Decrypt Traffic
The discovery of three improperly issued TLS certificates for 1.1.1.1, the popular public DNS service from Cloudflare, and the Asia Pacific Network Information Centre (APNIC). The certificates, which were issued in May 2025, could allow attackers to intercept and decrypt…
New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face
Cybersecurity researchers have uncovered a critical vulnerability in the artificial intelligence supply chain that enables attackers to achieve remote code execution across major cloud platforms including Microsoft Azure AI Foundry, Google Vertex AI, and thousands of open-source projects. The newly…
France fines Google, SHEIN, for undercooked Cookie policies that led to crummy privacy
Web giant and Chinese e-tailer whacked for dropping trackers without permission France’s data protection authority levied massive fines against Google and SHEIN for dropping cookies on customers without securing their permission, and also whacked Google for showing ads in email…
H2O-3 JDBC Deserialization Vulnerability (CVE-2025-6507)
Overview Recently, NSFOCUS CERT detected that H2O-3 released a security update to fix the H2O-3 JDBC deserialization vulnerability (CVE-2025-6507); This vulnerability is a bypass of CVE-2024-45758 and CVE-2024-10553. Due to the deserialization flaw in the system’s JDBC connection processing logic,…
Cloudflare Fends Off A Record Breaking 11.5 Tbps DDoS Attack
In this episode of Cybersecurity Today, host Jim Love covers the latest and most critical stories in the world of cyber threats and digital defense: • Cloudflare fends off a record-breaking 11.5 Tbps DDoS attack, highlighting the relentless scale and…
XWorm Malware Adopts New Infection Chain to Bypass Security Detection
Cybersecurity researchers have identified a sophisticated evolution in XWorm malware operations, with the backdoor campaign implementing advanced tactics to evade detection systems. The Trellix Advanced Research Center has documented this significant shift in the malware’s deployment strategy, revealing a deliberate…
New ‘NotDoor’ Malware Targets Outlook Users for Data Theft and System Compromise
Russian state-sponsored hackers have developed a sophisticated new backdoor malware called “NotDoor” that specifically targets Microsoft Outlook users, enabling attackers to steal sensitive data and gain complete control over compromised systems. The NotDoor malware has been attributed to APT28, the…
Cutting through CVE noise with real-world threat signals
CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall back on CVSS scores, which label thousands of flaws as “high”…
Cato Networks acquires Aim Security to bring AI protection into SASE Cloud
Cato Networks acquired Aim Security to further enhance the Cato SASE Cloud Platform, supporting secure enterprise adoption of AI agents and both public and private AI applications. Cato has now exceeded $300 million in annual recurring revenue (ARR). The company…
DDoS attacks serve as instruments of political influence and disruption
In the first half of 2025, there were 8,062,971 DDoS attacks worldwide, with EMEA taking the brunt at 3.2 million attacks, according to Netscout. Peak attacks reached speeds of 3.12 Tbps and 1.5 Gpps. These attacks have moved beyond simple…
Attackers are turning Salesforce trust into their biggest weapon
Salesforce has become a major target for attackers in 2025, according to new WithSecure research into threats affecting customer relationship management (CRM) platforms. The report shows that malicious activity inside Salesforce environments rose sharply in the first quarter of this…
This handy Apple Intelligence feature saves me over $200 a year
Sometimes the simplest features are the best. This article has been indexed from Latest news Read the original article: This handy Apple Intelligence feature saves me over $200 a year
How to decide between Linux and MacOS – if you’re ready to ditch Windows
I’ve used both Linux and MacOS for years. But if you have to decide between them, ask yourself these seven simple questions. This article has been indexed from Latest news Read the original article: How to decide between Linux and…
US puts $10M bounty on three Russians accused of attacking critical infrastructure
Seven-year-old Cisco vuln that remains inexplicably unpatched is their way in The US State Department has put a $10 million bounty on the heads of three Russians accused of being intelligence agents hacking America’s critical infrastructure – primarily via old…
Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform
Co-founded by former MITRE experts, the startup will use the funding to accelerate product innovation and fuel company growth. The post Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform appeared first on SecurityWeek. This article has been…
OnePlus will give you a $300 smartwatch for free right now – here’s how to qualify
What’s the catch? OnePlus will only give away 700 smartwatches before supplies run out. This article has been indexed from Latest news Read the original article: OnePlus will give you a $300 smartwatch for free right now – here’s how…
Congressional panel throws cyber threat intel-sharing, funding a lifeline
Clock is ticking US security leaders have urged lawmakers to reauthorize two key pieces of cyber legislation, including one that facilitates threat-intel sharing between the private sector and federal government, before they expire at the end of the month.… This…