Researchers have uncovered a critical vulnerability (CVE-2025-29927) in Next.js middleware, allowing authorization bypass. Learn about the exploit and fixes.
In its 2025 Global Third-Party Breach Report, SecurityScorecard has found that 35.5% of all cyber breaches in 2024 were third-party related, up from 29% in 2023
The proliferation of scarily realistic deepfakes is one of the more pernicious byproducts of the rise of AI, and falling victim to scams based on them is already costing companies millions of...
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that...
Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high. The post String of defects in...
Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high. The post String of defects in...
“We applaud Chairman Carr’s leadership in advancing common-sense regulatory reform. Modernizing these outdated rules will allow for greater investment in critical network infrastructure, ensuring...
Incorrect Privilege Assignment vulnerability (CVE-2025-2098) has been found in Fast CAD Reader (Beijing Honghu Yuntu Technology) application.
When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through...
APT groups from China were ranked among the top global cyber threats alongside North Korea, russia, and Iran, showcasing heightened offensive capabilities and posing significant challenges to the...
Colin Ahern sat down with Recorded Future News earlier this year to discuss New York’s efforts to protect local governments from ransomware and more.
AI tools will be used in your work—here’s how to make them safe
ASEC Blog publishes Ransom & Dark Web Issues Week 4, March 2025 * New ransomware group Arkana Security claims attack on a US telecommunications company. * New ransomware group Frag claims attacks...
Overview Mark of the Web (MoTW) is a Windows feature that identifies files downloaded from the Internet and displays a security warning, as well as restricts the files to be executed with a...
2025-03-15 • Github (TheRavenFile) • Rakesh Krishnan • py.anubisbackdoor Open article on Malpedia
ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play
ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor
Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. [...]
Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a...
2025-03-17 • Cloudflare • Cloudflare • elf.blackbasta, win.blackbasta Open article on Malpedia
Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials
2025-03-25 • SpyCloud • James • win.ghostsocks Open article on Malpedia
A new cybercrime platform named 'Atlantis AIO' provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. [...]
A newly discovered malware campaign uses malicious npm packages to deploy reverse shells, compromising development environments
Keep your logins locked down with our favorite password management apps for PC, Mac, Android, iPhone, and web browsers.
Kaspersky attributed the hacks to an espionage campaign targeting journalists and employees at educational institutions.
Rising Cyber Threats in Healthcare – Discover the latest cybersecurity risks targeting healthcare organizations, from ransomware to third-party threats. Key Findings from the 2025 Trustwave Risk...
Posted by Christiaan Brand, Group Product ManagerWe’re excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe...
Heads-up for Kubernetes admins! A batch of five critical vulnerabilities called “IngressNightmare” (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974) affecting...
The Office of the Director of National Intelligence (ODNI) identified in its 2025 Annual Threat Assessment of the... The post ODNI 2025 Threat Assessment notes threats from Russia, China, Iran,...