19Articles
6Categories
2025-04-25Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 3[−]
25 AprNew Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel FrameworkThreat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.  "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 o…THEHACKERNEWS.COM
25 AprResearchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby ServersCybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilit…THEHACKERNEWS.COM
25 AprDslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan AttacksCybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at tha…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 4[−]
25 AprA Vulnerability in SAP NetWeaver Visual Composer Could Allow for Remote Code ExecutionA vulnerability has been discovered in SAP NetWeaver Visual Composer, which could allow for remote code execution. SAP NetWeaver Visual Composer is SAP’s web-based software modelling tool. It enables business process specialists and developers to create business application compo…CISECURITY.ORG
25 Apr KEVAnton’s Security Blog Quarterly Q1 2025Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before , this covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast ( subscribe ). Dall-E security blogging image Top 10 posts with the most lifetim…MEDIUM.COM
25 AprRSAC Fireside Chat: Attackers are exploiting gaps in business logic created by proliferation of APIsAPIs have become foundational to digital business operations, serving as the behind-the-scenes glue that connects apps, platforms and partners. Related: OWASP’s Top 10 Web App Security Risks But this growing reliance has opened a new front in cybersecurity—one where attackers …LASTWATCHDOG.COM
25 AprDeepfake 'doctors' take to TikTok to peddle bogus curesLook out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplementsWELIVESECURITY.COM
🔥 INCIDENT REPORTING 3[−]
25 AprRecord-Breaking Cybercrime Losses and Data Breaches in 2024In this episode of Cybersecurity Today, host David Shipley discusses the FBI's report on cybercrime losses in 2024, which reached a record $16.6 billion, marking a 33% increase from the previous year. The report highlights major types of cyber crimes such as phishing, spoofing, e…CYBERSECURITYTODAY.LIBSYN.COM
25 AprData breach at Connecticut’s Yale New Haven Health affects over 5 millionConnecticut's largest healthcare provider said it was hit by ransomware in March.TECHCRUNCH.COM
25 AprHackers access sensitive SIM card data at South Korea’s largest telecoms companyMobile network operator SK Telecom, which serves approximately 34 million subscribers in South Korea, has confirmed that it suffered a cyber attack earlier this month that saw malware infiltrate its internal systems, and access data related to customers' SIM cards. Read more in m…BITDEFENDER.COM
🕵️ THREAT INTELLIGENCE 7[−]
25 AprFriday Squid Blogging: Squid Facts on Your PhoneText “SQUID” to 1-833-SCI-TEXT for daily squid facts . The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.SCHNEIER.COM
25 AprCryptocurrency Thefts Get PhysicalLong story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping.SCHNEIER.COM
25 AprNorth Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview LuresNorth Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry – Blo…THEHACKERNEWS.COM
25 Apr​​Explore practical best practices to secure your data with Microsoft Purview​​Microsoft presents best practices for securing data and optimizing Microsoft Purview implementation, emphasizing the integration of people, processes, and technology. The post ​​Explore practical best practices to secure your data with Microsoft Purview​​ appeared first on Micros…MICROSOFT.COM
25 AprEarth Kurma APT Campaign Targets Southeast Asian Government, Telecom SectorsAn APT group dubbed Earth Kurma is actively targeting government and telecommunications organizations in Southeast Asia using advanced malware, rootkits, and trusted cloud services to conduct cyberespionage.TRENDMICRO.COM
25 AprDeliver Exceptional User Experience with ADEM Now Available on NGFWADEM expands trusted visibility and remediation capabilities from Prisma SASE to NGFW, empowering IT teams for unified network control and performance. The post Deliver Exceptional User Experience with ADEM Now Available on NGFW appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
25 Apr‘Vibe coding’ using LLMs susceptible to most common security flawssubmitted by neme to security 102 points | 16 comments https://www.scworld.com/news/vibe-coding-using-llms-susceptible-to-most-common-security-flawsPROGRAMMING.DEV
🌐 CYBER THREAT LANDSCAPE 1[−]
25 AprTriada: a Trojan pre-installed on Android smartphones out of the box | Kaspersky official blogAn updated version of the Triada mobile Trojan is built into the firmware of smartphones offered by online stores. It steals everything it can: from cryptocurrency to Telegram, WhatsApp, and other social media accounts.KASPERSKY.COM
📡 INFOSEC NEWS 1[−]
25 AprWhy NHIs Are Security's Most Dangerous Blind SpotWhen we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities…THEHACKERNEWS.COM