74 articles | 8 categories | Date: 2025-05-02
🚨 CISA KEV (1)
2 May | KEV | CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability; CVE-2024-58136 Yiiframework Yii Improper Protection of Alternate Path Vulne… | CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (2)
2 May | NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code | NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in its popular TensorRT-LLM framework, urging all users to update to the latest version (0.18.2) to safeguard their systems against potential attacks. Overview of the Vuln… | GBHACKERS.COM
2 May | KEV | CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability | The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered and actively exploited vulnerability in the widely used Apache HTTP Server. The flaw, catalogued as CVE-2024-38475, affects the server’s mod_rewrite module and pose… | GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE (12)
2 May | Cybersecurity News Roundup: Book Deals, Retail Attacks, Apple Spyware Alerts, and More | In this episode, host Jim Love discusses various cybersecurity topics including a book deal from CRC Press for those interested in cybersecurity, auditing, and leadership. Major cyber incidents involving two UK retailers, Co-op and Marks & Spencer's, are detailed, highlighting th… | CYBERSECURITYTODAY.LIBSYN.COM
2 May | Microsoft makes all new accounts passwordless by default | Microsoft has announced that all new Microsoft accounts will be "passwordless by default" to secure them against password attacks such as phishing, brute force, and credential stuffing. [...] | BLEEPINGCOMPUTER.COM
2 May | In Other News: NullPoint Source Code Leak, $17,500 for iPhone Flaw, BreachForums Down | Noteworthy stories that might have slipped under the radar: NullPoint Stealer source code leaked, researcher earns $17,500 from Apple for vulnerability, BreachForums down after zero-day exploitation by police. The post In Other News: NullPoint Source Code Leak, $17,500 for iPhone… | SECURITYWEEK.COM
2 May | The Have I Been Pwned Alpine Grand Tour | Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing. I love a good road trip. Always have, but particularly during COVID when international options were somewhat limited, one road trip ended up, well, "extens… | TROYHUNT.COM
2 May | How to Automate CVE and Vulnerability Advisory Response with Tines | Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community, all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow tha… | THEHACKERNEWS.COM
2 May | Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands | A major supply chain security incident has rocked the Python open-source community as researchers at Socket’s Threat Research Team uncovered seven interconnected malicious packages published on the Python Package Index (PyPI). These packages, Coffin-Codes-Pro, Coffin-Codes-N… | GBHACKERS.COM
2 May | CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits | The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical vulnerabilities found in widely used Industrial Control Systems (ICS). Released on May 1, 2025, the advisories spotlight severe security risks affecting KUNBUS GmbH’s Revo… | GBHACKERS.COM
2 May | KEV | More Assets – More Attack Surface – More Risk | Companies should know their attack surfaces precisely. (Image: ozalpvahid – shutterstock.com) Only those who know their attack surfaces can defend them effectively. What seems like a truism nevertheless appears to cause many companies problems. According to a… | CSOONLINE.COM
2 May | What is EDR? An analytical approach to endpoint security | Endpoint detection and response (EDR) security tools monitor end-user hardware devices across a network for a range of suspicious activities and behavior, reacting automatically to block perceived threats and saving forensics data for further investigation. Endpoint here generall… | CSOONLINE.COM
2 May | Neurohacks to outsmart stress and make better cybersecurity decisions | Cybersecurity is one of the most high-stress professions in the world — and it’s only worsening. According to ISACA’s 2024 State of Cybersecurity survey, 60% of cybersecurity professionals say their role is more stressful than five years ago. The biggest cause? A more complex th… | CSOONLINE.COM
2 May | CISOs should re-consider using Microsoft RDP due to password flaw, says expert | CISOs allowing remote access to Windows machines through Remote Desktop Protocol (RDP) should re-think their strategy after the discovery that changed or revoked passwords can still work, says an expert. “I was unpleasantly surprised” to hear about the vulnerability, David Shiple… | CSOONLINE.COM
2 May | CrushFTP’s 10-Day Delay: A Hacker’s Dream? | When a critical vulnerability was exposed in CrushFTP, the company waited 10 days before publishing the official CVE... and the cybersecurity world is not happy. 😳 Experts like Adrian Sanabria and Katie dive into how this delay gave hackers a golden opportunity to exploit unpatch… | YOUTUBE.COM
📢 SECURITY ADVISORIES (30)
2 May | NCSC Guidance on “Advanced Cryptography” | The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryp… | SCHNEIER.COM
2 May | UK NCSC: Cyberattacks impacting UK retailers are a wake-up call | The United Kingdom's National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call." [...] | BLEEPINGCOMPUTER.COM
2 May | TikTok fined €530 million for sending European user data to China | The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union's GDPR data protection regulations. [...] | BLEEPINGCOMPUTER.COM
2 May | TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China | Ireland's Data Protection Commission (DPC) on Friday fined popular video-sharing platform TikTok €530 million ($601 million) for infringing data protection regulations in the region by transferring European users' data to China. "TikTok infringed the GDPR regarding its transfers … | THEHACKERNEWS.COM
2 May | Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists | Multiple Dutch organizations have experienced significant service disruptions this week due to a series of coordinated Distributed Denial-of-Service (DDoS) attacks. These attacks, which have also targeted other European organizations, are believed to be the work of a pro-Russian … | GBHACKERS.COM
🔥 INCIDENT REPORTING (4)
2 May | US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks | A 36-year-old Yemeni national, who is believed to be the developer and primary operator of 'Black Kingdom' ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers. [...] | BLEEPINGCOMPUTER.COM
2 May | UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks | Major UK retailers Co-op, Harrods, and M&S are scrambling to restore services that were affected by cyberattacks. The post UK Retailers Co-op, Harrods and M&S Struggle With Cyberattacks appeared first on SecurityWeek. | SECURITYWEEK.COM
2 May | Nova Scotia Power Says Hackers Stole Customer Information | Nova Scotia Power’s investigation has shown that the recent cyberattack resulted in the theft of some customer information. The post Nova Scotia Power Says Hackers Stole Customer Information appeared first on SecurityWeek. | SECURITYWEEK.COM
2 May | Ukrainian Nefilim Ransomware Affiliate Extradited to US | Ukrainian national Artem Stryzhak was extradited to the US and charged with using Nefilim ransomware in attacks on large businesses. The post Ukrainian Nefilim Ransomware Affiliate Extradited to US appeared first on SecurityWeek. | SECURITYWEEK.COM
🕵️ THREAT INTELLIGENCE (17)
2 May | Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures | The US government says defense contractor Raytheon and Nightwing agreed to pay $8.4 million to settle False Claims Act allegations. The post Raytheon, Nightwing to Pay $8.4 Million in Settlement Over Cybersecurity Failures appeared first on SecurityWeek. | SECURITYWEEK.COM
2 May | RSA Conference 2025 Announcement Summary (Day 3) | Hundreds of companies showcased their products and services this week at the 2025 edition of the RSA Conference in San Francisco. The post RSA Conference 2025 Announcement Summary (Day 3) appeared first on SecurityWeek. | SECURITYWEEK.COM
2 May | Microsoft Accounts Go Passwordless by Default | Microsoft is prioritizing passwordless sign-in and sign-up methods, and is making new accounts passwordless by default. The post Microsoft Accounts Go Passwordless by Default appeared first on SecurityWeek. | SECURITYWEEK.COM
2 May | ISC Stormcast For Friday, May 2nd, 2025 | https://isc.sans.edu/podcastdetail/9434, (Fri, May 2nd) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
2 May | Your KnowBe4 Fresh Content Updates from April 2025 | Check out the 21 new pieces of training content added in April, alongside the always fresh content update highlights, new features and events. | KNOWBE4.COM
2 May | Disney Hacker Admits Guilt After Stealing 1.1TB of Internal Data | A 25-year-old man from Santa Clarita, California, has agreed to plead guilty to hacking into the personal computer of a Walt Disney Company employee and stealing a massive amount of sensitive internal data last year. Ryan Mitchell Kramer faces charges related to unauthorized comp… | GBHACKERS.COM
2 May | Strategies for a Secure Digital Future from RSA | At the RSA Conference, key strategies were discussed for how companies can deploy AI securely and effectively. (Image: Gorodenkoff – Shutterstock.com) Artificial intelligence (AI) will play an even larger role for CISOs in the future. In light of challenges such as the skilled-… | CSOONLINE.COM
2 May | Microsoft Appoints Deputy CISO for Europe | Microsoft appoints a Deputy CISO for Europe. (Image: MacroEcon – shutterstock.com) The ever-louder calls for European digital sovereignty, in light of the erratically acting man in the White House, have Microsoft worried about its business. The latest coup, following the A… | CSOONLINE.COM
2 May | Your Data Won’t Survive the Next Global Cyber War | As geopolitical tensions rise, cybersecurity expert Katie warns that no company is immune to the next wave of digital warfare. In this short, she breaks down why traditional threat models are outdated—and why every business must prepare for nation-state level attacks. From critic… | YOUTUBE.COM
2 May | Off-Topic Friday | submitted by shellsharks to cybersecurity, 2 points, 1 comment. Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please) | INFOSEC.PUB
2 May | A Flaw With the Security Level Slider in Tor Browser | submitted by Pro to cybersecurity, 2 points, 0 comments. https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/ | INFOSEC.PUB
2 May | A Flaw With the Security Level Slider in Tor Browser | submitted by Pro to security, 2 points, 0 comments. https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/ | PROGRAMMING.DEV
2 May | A Flaw With the Security Level Slider in Tor Browser | submitted by Pro to cybersecurity, 11 points, 1 comment. https://www.privacyguides.org/articles/2025/05/02/tor-security-slider-flaw/ | SH.ITJUST.WORKS
2 May | Friday Squid Blogging: Pyjama Squid | The small pyjama squid (Sepioloidea lineolata) produces toxic slime, “a rare example of a poisonous predatory mollusc.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. | SCHNEIER.COM
2 May | Privacy for Agentic AI | Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while it's still a nascent idea. In 2019, I joined Inrupt, a company that… | SCHNEIER.COM
2 May | Weekly Update 450 | Presently sponsored by: Join Snyk's May 15th event to discover how to establish a Security Champions program, bridging security and development. Looking back at this week's video, it's the AI discussion that I think about most. More specifically, the view amongst some th… | TROYHUNT.COM
2 May | How NSA Can Spy on Air-Gapped Networks? Meet FIREWALK | submitted by kugmo to cybersecurity, 5 points, 0 comments. https://youtu.be/e8uT53Srk_E cross-posted from: sh.itjust.works/post/37162345 Came out in 2008 and leaked in 2013; the glowies have been able to send out malicious packets from air-gapped networks for exuberant prices. | INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE (2)
2 May | MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks | The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in… | THEHACKERNEWS.COM
2 May | Why Cybersecurity Experts Always Go Back to Basics 🔒 | Cybersecurity is evolving faster than ever, but experts keep running into the same problem—most people still struggle with the fundamentals! While new technologies, AI, and cutting-edge defenses emerge, end users continue making simple mistakes that leave them vulnerable. Just li… | YOUTUBE.COM
📡 INFOSEC NEWS (6)
2 May | Microsoft fixes Exchange Online bug flagging Gmail emails as spam | Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. [...] | BLEEPINGCOMPUTER.COM
2 May | xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs | An employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's c… | KREBSONSECURITY.COM
2 May | Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support | A year after Microsoft announced passkeys support for consumer accounts, the tech giant has announced a big change that pushes individuals signing up for new accounts to use the phishing-resistant authentication method by default. "Brand new Microsoft accounts will now be 'passwo… | THEHACKERNEWS.COM
2 May | Dating app Raw exposed users’ location data and personal information | The app claims it uses end-to-end encryption, but spilled its users' dating preferences and granular location data to the open web. | TECHCRUNCH.COM
2 May | RSAC 2025 wrap-up – Week in security with Tony Anscombe | From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions. | WELIVESECURITY.COM