🚨 CISA KEV
5 May (KEV): Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question… [THEHACKERNEWS.COM]
5 May (KEV): CISA Adds One Known Exploited Vulnerability to Catalog. CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-3248 Langflow Missing Authentication Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and po… [CISA.GOV]
🐛 COMMON VULNERABILITIES AND EXPOSURES
5 May: Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability. Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java. [F5.COM]
⚠️ VULNERABILITY DISCLOSURE
5 May: Another Move in the Deepfake Creation/Detection Arms Race. Deepfakes are now mimicking heartbeats. In a nutshell: Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to … [SCHNEIER.COM]
5 May: Signal Version Used In National Security Scandal Has Flaws. Cybersecurity Today: Disney Data Theft, Signal Gate, and Major Apple Vulnerability. In this episode of Cybersecurity Today, host David Shipley discusses several key security incidents. Hacker 'Null Bulge,' real name Ryan Kramer, pleads guilty to stealing over 1.1 TB of data from D… [CYBERSECURITYTODAY.LIBSYN.COM]
5 May: Multiple Vulnerabilities in SonicWall Secure Mobile Access (SMA) 100 Series Management Interface Could Allow for Remote Code Execution. Multiple vulnerabilities have been discovered in SonicWall Secure Mobile Access (SMA) 100 Management Interface, which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access … [CISECURITY.ORG]
5 May: Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi. Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have b… [THEHACKERNEWS.COM]
5 May: TeleMessage, a modified Signal clone used by US government officials, has been hacked. A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media r… [TECHCRUNCH.COM]
5 May: MY TAKE: RSAC 2025’s big takeaway — GenAI is growing up fast, but still needs human direction. SAN FRANCISCO — The cybersecurity industry showed up here in force last week: 44,000 attendees, 730 speakers, 650 exhibitors and 400 members of the media flooding Moscone Convention Center in the City by the Bay. Related: RSAC 2025 by the … [LASTWATCHDOG.COM]
📢 SECURITY ADVISORIES
5 May: Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week. This week we’re celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community’s significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infra… [NIST.GOV]
5 May: Your KnowBe4 Compliance Plus Fresh Content Updates from April 2025. Check out the April updates in Compliance Plus so you can stay on top of featured compliance training content. [KNOWBE4.COM]
🔥 INCIDENT REPORTING
5 May: ⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors. What if attackers aren't breaking in—they're already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are… [THEHACKERNEWS.COM]
5 May: GlobalX, airline used for Trump deportations, gets hacked: Report. Hackers claiming to be part of the hacktivist group Anonymous claimed the data breach. [TECHCRUNCH.COM]
🕵️ THREAT INTELLIGENCE
5 May: Passkeys for Normal People. Let me start by very simply explaining the problem we're trying to solve with passkeys. Imagine you're logging on to a website… [TROYHUNT.COM]
5 May: Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data. The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. "TerraStealerV2 is designed to collect browser credentials, crypto… [THEHACKERNEWS.COM]
5 May: ISC Stormcast For Monday, May 5th, 2025 https://isc.sans.edu/podcastdetail/9436, (Mon, May 5th). (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. [ISC.SANS.EDU]
5 May: Microsoft partners with Global Anti-Scam Alliance to fight cybercrime. In 2024 alone, scammers drained the global economy of more than $1.03 trillion. Together, Microsoft and the other members of GASA hope to stem these losses going forward. [MICROSOFT.COM]
5 May: INTRODUCING: LastWatchdog strategic LinkedIN reels – insights from the ground floor at RSAC 2025. Every year at RSAC, the cybersecurity conversation swells with new terms, emerging threats, and fresh takes on familiar problems. What exactly is ‘agentic AI?’ At RSAC 2025, the volume knob turned to AI — its potential, its peril, and its … [LASTWATCHDOG.COM]
5 May: Enhancing UK Government Operations with Emerging Technology. Public sector needs to adapt to cybersecurity changes. Prisma Access Browser is a key solution for controlled access, remote work and visibility. [PALOALTONETWORKS.COM]
5 May: The North Korea worker problem is bigger than you think. submitted by TacoButtPlug to securitynews (32 points | 4 comments) https://cyberscoop.com/north-korea-technical-workers-full-time-jobs/ Financially motivated by salaries now, but what’s next? For now, North Korean technical workers are focused on attaining employment, doing those j… [INFOSEC.PUB]
5 May: Mentorship Monday - Discussions for career and learning! submitted by shellsharks to cybersecurity (3 points | 1 comments) Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? … [INFOSEC.PUB]
5 May: All things infostealers. Week 18, 2025 – Kinda Blog by CryptoLek. submitted by CryptoLek to cybersecurity (4 points | 0 comments) https://cryptolek.info/2025/05/04/all-things-infostealers-week-18-2025/ A brief look at all things infostealers for the week 18, 2025 (28.04.2025–04.05.2025). This week observed updates from LummaC2 and StealC infostea… [INFOSEC.PUB]
📡 INFOSEC NEWS
5 May: Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace. Let’s be honest: if you're one of the first (or the first) security hires at a small or midsize business, chances are you're also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You’re not running a security department. You are THE security dep… [THEHACKERNEWS.COM]
5 May: Apple beefs up parental controls: what it means for kids | Kaspersky official blog. Apple has updated parental controls on its devices. We explore how the new features work, what vulnerabilities there are, and whether you need additional protection. [KASPERSKY.COM]