ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a …
12 Ways to Protect Your Business from Hackers During Remote Work
Michelle MooreUniversity of San Diego’sSeptember 11, 2025 Remote work is here to stay, with nearly a quarter of the U.S. workforce (22%)…
Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets
If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient…
Wyden Urges FTC Investigation Over Ascension Ransomware Hack
US Senator Ron Wyden of Oregon has called on the Federal Trade Commission to investigate Microsoft for cybersecurity lapses linked to…
Akira ransomware affiliates continue breaching organizations via SonicWall firewalls
Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a…
Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross…
UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data
LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but customers are…
Boost Operational Resilience: Proactive Security with CORA Best Practices
On almost a monthly basis, the US Cybersecurity & Infrastructure Security Agency (CISA) publishes advisories about the latest…
Palo Alto Networks User-ID Credential Agent Vulnerability Exposes password In Cleartext
A newly disclosed vulnerability in Palo Alto Networks’ User-ID Credential Agent for Windows, identified as CVE-2025-4235, could…
Chinese APT Actor Compromises Military Firm with Novel Fileless Malware Toolset
A Chinese APT group has compromised a Philippines-based military firm using a novel, sophisticated fileless malware framework dubbed…
SAP Issues Critical Security Patch for NetWeaver and Other Products, Warns of CVE-2025-42944
SAP has released a new security update addressing a broad range of vulnerabilities across its product ecosystem. Among the most alarming is a…
Australia Warns of Ransomware Attacks Exploiting SonicWall VPN Flaw CVE-2024-40766
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an urgent alert regarding active exploitation of…
SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers
Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm…
France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks
French regional healthcare agencies have been targeted by cyber-attacks compromising the personal data of patients across the country. On…
ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy
A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden, and install…
NVIDIA NVDebug Tool Vulnerability Let Attackers Escalate Privileges
NVIDIA has released a security update for its NVDebug tool to address three high-severity vulnerabilities that could allow an…
Ukrainian Ransomware Fugitive Added to Europe’s Most Wanted
A 28-year-old Ukrainian has been added to a list of Europe’s most wanted fugitives for alleged participation in LockerGoga ransomware attacks.…
Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts
Cybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to…
Cracking the Boardroom Code: Helping CISOs Speak the Language of Business
CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They…
LNER Reveals Supply Chain Attack Compromised Customer Information
The operator of one of the UK’s busiest rail lines has admitted that an unauthorized third party has accessed customer details via a supplier.…
1.5 billion packets per second DDoS attack detected with FastNetMon
London, United Kingdom, September 11th, 2025, CyberNewsWire FastNetMon today announced that it detected a record-scale distributed…
Vulnerability Management – common understanding and language enable teamwork
Part of a series This Blog post is part of the series Vulnerability Management Series: 3D (Definition, Deep-Dive, and Difficulties) Part 1…
ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks
The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a severe access control vulnerability in…
AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto
Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring…
Microsoft Copilot to Be Powered by Two AIs: OpenAI and Now Anthropic
Ddos September 11, 2025 The Information has reported that Microsoft is preparing to announce, within the coming weeks, the integration of…
High-Severity Flaws in Sunshine for Windows Allow Privilege Escalation
The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of two critical local security flaws affecting Sunshine for…
Beyond Cobalt Strike: A New Open-Source Hacking Tool Is on the Rise
Ddos September 11, 2025 Researchers at Palo Alto Networks’ Unit 42 have published a report detailing the rise of AdaptixC2, an open-source…
CVE-2025-8696: DoS Flaw in Stork UI Allows Unauthenticated Attackers to Crash Servers
Ddos September 11, 2025 The Internet Systems Consortium (ISC) has issued a security advisory addressing a high-severity flaw in Stork UI, a…
ACSC Warns of Active Exploitation of SonicWall SSL VPN Vulnerability (CVE-2024-40766)
Ddos September 11, 2025 The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an alert on the active…
CVE-2025-58063: CoreDNS Vulnerability Could Disrupt DNS Updates
Ddos September 11, 2025 The CoreDNS project has disclosed a vulnerability in its etcd plugin, tracked as CVE-2025-58063 (CVSS 7.1), which…
Akira ransomware crims abusing trifecta of SonicWall security holes for extortion attacks
Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day…
DDoS defender targeted in 1.5 Bpps denial-of-service attack
A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion…
Microsoft waives fees for Windows devs publishing to Microsoft Store
Microsoft announced that, starting today, individual Windows developers will no longer have to pay for publishing their applications on the…
Hackers left empty-handed after massive NPM supply-chain attack
The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but…
Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware
Bitdefender uncovers EggStreme, a fileless malware by a China-based APT targeting the Philippine military and APAC organisations.…
New Fileless Malware Attack Uses AsyncRAT for Credential Theft
LevelBlue Labs has published new research on a recent attack that used a fileless loader to deliver AsyncRAT, a well-known Remote Access…
Pixel 10 fights AI fakes with new Android photo verification tech
Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic,…
Cursor AI editor lets repos “autorun” malicious code on devices
A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as…
Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems
An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a…
Amp’ed RF BT-AP 111 Bluetooth Access Point Vulnerability Let Attackers Gain Full Admin Access
A critical security vulnerability has been discovered in the Amp’ed RF BT-AP 111 Bluetooth Access Point, exposing organizations to…
Jaguar Land Rover confirms data theft after recent cyberattack
Jaguar Land Rover (JLR) confirmed today that attackers also stole “some data” during a recent cyberattack that forced it to…
More Than Sales… How Brokers Can Play a Critical Role in Strengthening the USA’s National Cybersecurity
As cyber threats continue to rise, enterprises can rely on unexpected allies for support: their insurance brokers. Brokers are not only able…
KillSec Ransomware Hits Brazilian Healthcare IT Vendor
A ransomware attack claimed by the group KillSec has disrupted MedicSolution, a software provider serving Brazil’s healthcare sector. On…