58Articles
9Categories
2025-05-01Date
🚨 CISA KEV 2[−]
1 May KEVCommvault Shares IoCs After Zero-Day Attack Hits Azure EnvironmentCommvault provides indicators of compromise and mitigation guidance after a zero-day exploit targeting its Azure environment lands in CISA’s KEV catalog. The post Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment appeared first on SecurityWeek .SECURITYWEEK.COM
1 May KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-38475 Apache HTTP Server Improper Escaping of Output Vulnerability CVE-2023-44221 SonicWall SMA100 Appliances OS Command Injection Vuln…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
1 MayNew Research Reveals: 95% of AppSec Fixes Don’t Reduce RiskFor over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more di…THEHACKERNEWS.COM
1 MayCommvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure BreachEnterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. "This activity has affected a small number of cus…THEHACKERNEWS.COM
1 May KEVSonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance ModelsSonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-44221 (CVSS score: 7.2) - Improper neutralization of special elements…THEHACKERNEWS.COM
1 MayAnalyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escapeMicrosoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macO…MICROSOFT.COM
1 MayHow Hackers Use Unlisted Vulns You’ll Never Hear AboutMost people think every security flaw gets a CVE… but that’s far from the truth. In this short, cybersecurity pros break down a huge misconception in the industry. Paul and Jeff dive into EPSS scoring, CVE assignment flaws, and why attackers often use unlisted vulnerabilities you…YOUTUBE.COM
1 May🚨 April 2025 Vulnerability Report is out! 🚨submitted by cm0002 to cybersecurity 5 points | 0 comments 🚨 April 2025 Vulnerability Report is out! 🚨 👉 vulnerability-lookup.org/…/vulnerability-report-a… The most prominent vulnerabilities affect the following products: Ivanti / ConnectSecure Erlang / OTP SAP / SAP NetWeaver Th…INFOSEC.PUB
1 May🚨 April 2025 Vulnerability Report is out! 🚨submitted by cm0002 to cybersecurity 4 points | 0 comments 🚨 April 2025 Vulnerability Report is out! 🚨 👉 vulnerability-lookup.org/…/vulnerability-report-a… The most prominent vulnerabilities affect the following products: Ivanti / ConnectSecure Erlang / OTP SAP / SAP NetWeaver Th…SH.ITJUST.WORKS
⚠️ VULNERABILITY DISCLOSURE 10[−]
1 MayWelcoming The Gambia National CSIRT to Have I Been PwnedPresently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing Today, we're happy to welcome the Gambia National CSIRT to Have I Been Pwned as the 38th government to be onboarded with full and free access to their gove…TROYHUNT.COM
1 MayClaude AI Exploited to Operate 100+ Fake Political Personas in Global Influence CampaignArtificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, branded as financially-motivated, is …THEHACKERNEWS.COM
1 MayCISA Releases Two Industrial Control Systems AdvisoriesCISA released two Industrial Control Systems (ICS) advisories on May 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-121-01 KUNBUS GmbH Revolution Pi   ICSMA-25-121-01 MicroDicom DICOM…CISA.GOV
1 MaySecuring Digital Transformation – CISO’s Resource HubIn today’s hyper-connected world, securing digital transformation is a technological upgrade and a fundamental reimagining of business models, processes, and customer engagement. Organizations are rapidly shifting to cloud platforms, embracing automation, and integrating digital …GBHACKERS.COM
1 May10 insights on the state of AI security from RSA ConferenceAs you walk around trying to avoid the 41,000 participants at RSA Conference in San Francisco, you become aware of the Waymo autonomous cars in the streets that always elicit an extra glance. Yes, there is no driver in that seat! Waymo cars aim to revolutionize transportation thr…CSOONLINE.COM
1 MayThe 14 most valuable cybersecurity certificationsCybersecurity certifications can be as volatile as stocks. Their popularity can rise and fall, they can decline in quality, and they can quickly lose relevance if they don’t keep pace with evolving threats and technologies. Even if a credential remains technically relevant, a cer…CSOONLINE.COM
1 MayCyberRiskTV Live Coverage from RSAC 2025 - Day 4CyberRisk Alliance's Security Weekly broadcasting live from the CyberRiskTV Studio in Broadcast Alley at Moscone West! Schedule (PT): 8:40am - Daily Intro 9:10am - Modernizing AppSec for the Vibe Coding Era ft. Shahar Man, CEO and co-founder at Backslash Security 9:40am - Phishin…YOUTUBE.COM
1 MayPatchception: Microsoft’s Infinite Loop of Fixes 🔁Microsoft has always been a prime target for hackers—but what if the biggest vulnerability is in their never-ending patch cycle? In this short, Doug White breaks down the bizarre loop of patches… for patches… of patches. From Windows 3.0 to the latest security updates, it’s a wil…YOUTUBE.COM
1 MayApache Tomcat Vulnerability Let Attackers Bypass Rules & Trigger DoS Conditionsubmitted by cm0002 to cybersecurity 11 points | 0 comments https://cybersecuritynews.com/apache-tomcat-vulnerability-let-bypass-rules/INFOSEC.PUB
1 MayMillions of Apple Airplay-enabled devices can be hacked via Wi-Fi - Ars Technicasubmitted by Kissaki to security 31 points | 1 comments https://arstechnica.com/security/2025/04/millions-of-apple-airplay-enabled-devices-can-be-hacked-via-wi-fi/ Source: Oligo SecurityPROGRAMMING.DEV
📢 SECURITY ADVISORIES 3[−]
1 MayMicrosoft appoints Deputy CISO for Europe to reassure European IT leadersMicrosoft on Wednesday announced that it will be creating a new position: a Deputy CISO for Europe. Who that Deputy CISO will ultimately be is unclear. Wednesday’s statement simply said that Microsoft CISO Igor Tsyganskiy is “appointing a new Deputy CISO for Europe as part of the…CSOONLINE.COM
1 MayCybersecurity Shouldn’t Be Political… But It Is!When Jeff Man asked if cybersecurity should be a federal responsibility or left to individual states, the response sparked a firestorm 💥. In this short, cybersecurity experts drop hard truths about decentralization, cost efficiency, and the potential chaos of having “50 NISTs.” G…YOUTUBE.COM
1 MayCan We Fix AI Bias Before It’s Too Late?Can AI really be trusted? 🚨 The truth is, AI is only as reliable as the data it learns from— and that data isn’t always fair. Companies are scrambling to fix bias, toxicity, and compliance issues before it’s too late. But can they actually make AI trustworthy? 🤔 Watch until the e…YOUTUBE.COM
🔥 INCIDENT REPORTING 9[−]
1 MayUkrainian extradited to US for Nefilim ransomware attacksA Ukrainian national has been extradited from Spain to the United States to face charges over allegedly conducting Nefilim ransomware attacks against companies. [...]BLEEPINGCOMPUTER.COM
1 MayHarrods the next UK retailer targeted in a cyberattackLondon's iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report cyberattacks in a week following incidents at M&S and the Co-op. [...]BLEEPINGCOMPUTER.COM
1 MayMalicious PyPI packages abuse Gmail, websockets to hijack systemsSeven malicious PyPi packages were found using Gmail's SMTP servers and WebSockets for data exfiltration and remote command execution. [...]BLEEPINGCOMPUTER.COM
1 MayCanadian Electric Utility Hit by CyberattackNova Scotia Power and Emera are responding to a cybersecurity incident that impacted IT systems and networks. The post Canadian Electric Utility Hit by Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
1 MayEmail Remains the Top Attack Vector for CyberattacksEmail is still the most common attack vector for cyber threats, according to a new report from Barracuda.KNOWBE4.COM
1 MayManaging Shadow IT Risks – CISO’s Practical ToolkitManaging Shadow IT risks has become a critical challenge for Chief Information Security Officers (CISOs), as the use of unauthorized technology within organizations continues to grow. With 40% of employees admitting to using unsanctioned tools and one-third of security breaches l…GBHACKERS.COM
1 MayTehetségKapu - 54,357 breached accountsIn March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu . The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.HAVEIBEENPWNED.COM
1 MayWhy Identity Management Is Failing Most Companies 🛑Most companies think their systems are secure—but they’re ignoring a silent threat hiding in plain sight. In this eye-opening short, cybersecurity expert Doug White reveals how outdated identity management is leaving countless businesses exposed. From inactive accounts belonging …YOUTUBE.COM
1 MayNova Scotia Power cybersecurity breachsubmitted by CoolThingAboutMe to cybersecurity 18 points | 0 comments https://industrialcyber.co/utilities-energy-power-water-waste/emera-nova-scotia-power-respond-to-cybersecurity-breach-incident-response-teams-mobilized/ "There remains no disruption to any of our Canadian …SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 16[−]
1 MayUS as a Surveillance StateTwo essays were just published on DOGE’s data collection and aggregation, and how it ends with a modern surveillance state. It’s good to see this finally being talked about.SCHNEIER.COM
1 MayYear of the Twin Dragons: Developers Must Slay the Complexity and Security Issues of AI Coding ToolsThe advantages AI tools deliver in speed and efficiency are impossible for developers to resist. But the complexity and risk created by AI-generated code can’t be ignored. The post Year of the Twin Dragons: Developers Must Slay the Complexity and Security Issues of AI Coding Tool…SECURITYWEEK.COM
1 MaySteganography Analysis With pngdump.py: Bitstreams, (Thu, May 1st)A friend asked me if my pngdump.py tool can extract individual bits from an image (cfr. diary entry " Steganography Analysis With pngdump.py "). ISC.SANS.EDU
1 MayISC Stormcast For Thursday, May 1st, 2025 https://isc.sans.edu/podcastdetail/9432, (Thu, May 1st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
1 MayPushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-insCelebrate World Passkey Day with Microsoft! Join us in embracing passkeys for secure, passwordless sign-ins. Learn more about our commitment to a safer digital future. The post Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins appeared first on Micr…MICROSOFT.COM
1 MayExciting Leadership Updates at KnowBe4To our valued KnowBe4 customers, partners, and community. I wanted to share some exciting developments happening at KnowBe4.KNOWBE4.COM
1 MayXfinity Scam Might Explain Similar ScamsRecently, I covered a T-Mobile scam where a friend of mine narrowly avoided losing money. In that scam, the attackers called up pretending to be from T-Mobile offering him a cannot-pass-up 30% discount on future T-Mobile bills.KNOWBE4.COM
1 MayHundreds of Fortune 500 companies have hired North Korean operatives.Cyberwire wrote: " WIRED has published a   report   on North Korea's efforts to obtain remote IT positions at foreign companies, noting that these fraudulent workers are now using AI tools to cheat on coding tests and technical interviews. The threat actors are also usi…KNOWBE4.COM
1 MayApplication Security In 2025 – CISO’s Priority GuideApplication security in 2025 has become a defining concern for every Chief Information Security Officer (CISO) as organizations accelerate their digital transformation journeys. The explosion of cloud-native applications, microservices, and APIs has created a complex web of inter…GBHACKERS.COM
1 MayPreparing for Quantum Cybersecurity Risks – CISO InsightsQuantum cybersecurity risks represent a paradigm shift in cybersecurity, demanding immediate attention from Chief Information Security Officers worldwide. While practical quantum computers capable of breaking current encryption standards may still be years away, the threat is alr…GBHACKERS.COM
1 MayMY TAKE: RSAC 2025 – Conversing with vendors hanging out in the Marriott Marquis mezzanineSAN FRANCISCO — Sometimes, the best insights come not from the keynote stage, but from the hotel lobby. Related: RSAC 2025 top takeaways In between sessions at RSAC 2025 , I slipped over to the Marriott lobby and held quick, … (more…) The post MY TAKE: RSAC 2025 – Conversin…LASTWATCHDOG.COM
1 MayExploring PLeak: An Algorithmic Method for System Prompt LeakageWhat is PLeak, and what are the risks associated with it? We explored this algorithmic technique and how it can be used to jailbreak LLMs, which could be leveraged by threat actors to manipulate systems and steal sensitive data.TRENDMICRO.COM
1 MayAI Tips, Tricks, and Traps! - PSW #872The PSW crew discusses tips, tricks, and traps for using AI and LLMs. We discuss a wide range of AI-related topics, including how to utilize AI tools for writing, coding, data analysis, website design, and more! Some key takeaways include: * AI has rapidly shifted from novelty to…YOUTUBE.COM
1 MayCyberRiskTV Live Coverage from RSAC 2025 - Day 3CyberRisk Alliance's Security Weekly broadcasting live from the CyberRiskTV Studio in Broadcast Alley at Moscone West! Schedule: 8:40am - Daily Intro ft. Jeff Man & TBD 9:10am - Mitigating Access Risks in Critical Infrastructure Organizations ft. Joel Burleson-Davis, SVP of Engin…YOUTUBE.COM
1 MayNew Anker NVR Security System with automatic threat detection arrivessubmitted by cm0002 to securitynews 4 points | 1 comments https://www.notebookcheck.net/New-Anker-NVR-Security-System-with-automatic-threat-detection-arrives.1007211.0.htmlINFOSEC.PUB
1 MayWindows RDP lets you log in using revoked passwords. Microsoft is OK with that. - Ars Technicasubmitted by Kissaki to security 15 points | 2 comments https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/ Even after users change their account password, however, it remains valid for RDP logins indefinitely. I…PROGRAMMING.DEV
🌐 CYBER THREAT LANDSCAPE 2[−]
1 MayFake Security Plugin on WordPress Enables Remote Admin Access for AttackersCybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dash…THEHACKERNEWS.COM
1 MayDarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade TacticsRussian companies have been targeted as part of a large-scale phishing campaign that's designed to deliver a known malware called DarkWatchman. Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport,…THEHACKERNEWS.COM
🎙️ PODCASTS 1[−]
1 MayTwo Venomous Snakes, Killer Birds... and One Brave DogOn a remote island swarming with danger, a tiny 8-pound dachshund somehow managed to survive 16 months surrounded by two species of venomous snakes and wedge-tailed eagles—massive birds that can lift prey heavier than her. In this cybersecurity podcast-turned-wilderness mystery, …YOUTUBE.COM
📡 INFOSEC NEWS 8[−]
1 MaySophos Firewall v21.5: Entra ID SSO for Sophos ConnectHow to make the most of the new features in Sophos Firewall v21.5.SOPHOS.COM
1 MayHacker 'NullBulge' pleads guilty to stealing Disney's Slack dataA California man who used the alias "NullBulge" has pleaded guilty to illegally accessing Disney's internal Slack channels and stealing over 1.1 terabytes of internal company data. [...]BLEEPINGCOMPUTER.COM
1 MayPro-Russia hacktivists bombard Dutch public orgs with DDoS attacksRussia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions. [...]BLEEPINGCOMPUTER.COM
1 MayWhy top SOC teams are shifting to Network Detection and ResponseSecurity Operations Center (SOC) teams are facing a fundamentally new challenge — traditional cybersecurity tools are failing to detect advanced adversaries who have become experts at evading endpoint-based defenses and signature-based detection systems. The reality of thes…THEHACKERNEWS.COM
1 MayDownload the ‘AI-Savvy IT Leadership Strategies’ Enterprise SpotlightDownload the May 2025 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World.US.RESOURCES.CSOONLINE.COM
1 MayWhy Every Cybersecurity CEO Needs This Kind of Wingman 🧠⚔️When a cybersecurity CEO has a bold vision, who's the one turning it into reality? In this clip, Jason breaks down the yin and yang dynamic behind every high-performing security team — where vision meets flawless execution. CEOs may cast the vision, but it's the trusted second-in…YOUTUBE.COM
1 MayHow to Run a Server That No One Can Detect! 🕵️This IT expert just revealed how to run a completely undetectable server! 🤯 Instead of relying on the cloud, he built a self-hosted system that could be hidden anywhere—even in a bunker! 🏴‍☠️ With a Bitwarden server on a NAS or Docker container, there's no outside access, no trac…YOUTUBE.COM
1 MayWhy "Time to Value" Is Your New Security SuperpowerWhen cybersecurity pros talk about tool success, they’re not just looking at flashy features—they want instant impact. In this short, Adrian Sanabria and Ayman Elsawah break down why “time to value” has become a non-negotiable in modern security stacks. If a tool can’t deliver va…YOUTUBE.COM