29 articles, 9 categories, date 2025-05-06
🚨 CISA KEV (2)

6 May [KEV] Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerabili…
Source: thehackernews.com

6 May [KEV] CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2025-27363, FreeType Out-of-Bounds Write Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose…
Source: cisa.gov
🐛 COMMON VULNERABILITIES AND EXPOSURES (4)

6 May [KEV] Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component …
Source: thehackernews.com

6 May "Mirai" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399), (Mon, May 5th)
Last August, Samsung patched an arbitrary file upload vulnerability that could lead to remote code execution [1]. The announcement was very sparse and did not even include affected systems:
Source: isc.sans.edu

6 May "Mirai" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399)
Submitted by Pro to cybersecurity (4 points, 0 comments). Link: https://isc.sans.edu/diary/rss/31920
Source: infosec.pub

6 May "Mirai" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399)
Submitted by Pro to security (2 points, 0 comments). Link: https://isc.sans.edu/diary/rss/31920
Source: programming.dev
⚠️ VULNERABILITY DISCLOSURE (5)

6 May Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks. The activity, first observed by the Akamai Security …
Source: thehackernews.com

6 May Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches
It wasn't ransomware headlines or zero-day exploits that stood out most in this year's Verizon 2025 Data Breach Investigations Report (DBIR), it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party expos…
Source: thehackernews.com

6 May CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on May 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-126-01 Optigo Networks ONS NC600; ICSA-25-126-02 Milesight UG65-868M-EA…
Source: cisa.gov

6 May Unsophisticated Cyber Actor(s) Targeting Operational Technology
CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. Although these activities often include basic and elementary intrusion te…
Source: cisa.gov

6 May China has found its assassin's mace: high-altitude electromagnetic pulse (HEMP) weapons
Submitted by randomname to cybersecurity (15 points, 1 comment). Link: https://www.taipeitimes.com/News/editorials/archives/2025/05/06/2003836382 (cross-posted from scribe.disroot.org/post/2673818). [This is an op-ed by Tin Pak, visiting academic at the National Defense University and a r…
Source: infosec.pub
📢 SECURITY ADVISORIES (1)

6 May Italy: New decree prioritizes NATO countries in public tenders, sidelining Chinese and Russian tech suppliers in a bid to enhance national security
Submitted by Hotznplotzn to cybersecurity (10 points, 0 comments). Link: https://decode39.com/10677/italy-launches-buy-transatlantic-tech-procurement-law (cross-posted from lemmy.sdf.org/post/33999334; archived). Under the new rules, tenders will award bonus scores to offers that deploy cyb…
Source: infosec.pub
🔥 INCIDENT REPORTING (2)

6 May 158: MalwareTech
MalwareTech was an anonymous security researcher, until he accidentally stopped WannaCry, one of the largest ransomware attacks in history. That single act of heroism shattered his anonymity and pulled him into a world he never expected. https://malwaretech.com Sponsors Support f…
Source: darknetdiaries.com

6 May Threat Actor Bypass SentinelOne EDR to Deploy Babuk Ransomware
Submitted by cm0002 to cybersecurity (6 points, 0 comments). Link: https://cybersecuritynews.com/threat-actor-bypass-sentinelone-edr/
Source: infosec.pub
🕵️ THREAT INTELLIGENCE (9)

6 May Fake Student Fraud in Community Colleges
Reporting on the rise of fake students enrolling in community college courses: The bots' goal is to bilk state and federal financial aid money by enrolling in classes, and remaining enrolled in them, long enough for aid disbursements to go out. They often accomplish this by…
Source: schneier.com

6 May New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims
Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes). The activity clusters have been codenamed Reckless Rabbit and Ruthl…
Source: thehackernews.com

6 May ISC Stormcast For Tuesday, May 6th, 2025 https://isc.sans.edu/podcastdetail/9438, (Tue, May 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Source: isc.sans.edu

6 May RSAC Strategic Reel: Cyber experts on the front lines unpack 'Shadow AI,' 'Ground Truth'
The response to our first LastWatchdog Strategic Reel has been energizing, and telling. Related: What is a cyber kill chain? The appetite for crisp, credible insight is alive and well. As the LinkedIn algo picked up steam and auto-captioning …
Source: lastwatchdog.com

6 May Benchmarks Q&A: What the finance sector's new X9 PKI standard signals for other industries
As organizations brace for the rising tide of machine identities and prepare for a post-quantum cryptographic era, a quiet but crucial shift is underway in the financial sector: the deployment of a new, private PKI standard designed specifically to meet …
Source: lastwatchdog.com

6 May InterSECt: The Fast Lane to a Secure Future Starts Here
InterSECt is a 2-hour virtual event unveiling the network security future with industry leaders, Palo Alto Networks advancements and product demos.
Source: paloaltonetworks.com

6 May Basic analysis of Kidflix users' passwords (Kinda Blog by CryptoLek)
Submitted by CryptoLek to cybersecurity (8 points, 0 comments). Link: https://cryptolek.info/2025/05/02/basic-analysis-of-kidflix-users-passwords/ Blogged a bit about Kidflix login credentials and tried to make some basic password analysis. Originally the bulk of the post was written in …
Source: infosec.pub

6 May BONUS INTERVIEW: Senator Mark Warner on Signalgate, Volt Typhoon and tariffs
In this extended interview the Vice Chair of the Senate Select Committee on Intelligence, Senator Mark Warner, joins Risky Business host Patrick Gray to talk about: the latest developments in the Signalgate scandal; why America needs to be more aggressive in responding to Volt Typ…
Source: risky.biz
🌐 CYBER THREAT LANDSCAPE (2)

6 May Python InfoStealer with Embedded Phishing Webserver, (Tue, May 6th)
Infostealers have been everywhere for a while now. Even if this kind of malware is not aggressive, its impact on the victim can be much greater. Attackers always need more and more data to be sold or reused in deeper scenarios. A lot of infostealers are similar and have the followi…
Source: isc.sans.edu

6 May NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign
The five-year legal battle between the Meta-owned company and the most notorious spyware maker in the world ends with a huge win for WhatsApp.
Source: techcrunch.com
🎙️ PODCASTS (1)

6 May The AI Fix #49: The typo from hell
In episode 49 of The AI Fix, OpenAI kills off a sycophantic bot, our hosts are introduced to a prophetic Bosnian rock band, Meta puts an electric fence around its llamas, Mark reveals he's never tried covering a robot with olive oil, and Graham leaves a stern message for his grea…
Source: grahamcluley.com
📡 INFOSEC NEWS (3)

6 May Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks
Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data. "While these 'plug-and-play' options greatly simplify the setup process, they often prioritize ea…
Source: thehackernews.com
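The usual way a chart default turns into a data leak is a Service of type LoadBalancer or NodePort in front of an application whose own authentication is off by default. The audit below is an added example, not Microsoft's tooling and not code from any chart: it reads the JSON shape that `kubectl get svc -A -o json` produces, reports every externally reachable Service, notes whether the chart tagged it as Helm-managed, and whether a `loadBalancerSourceRanges` allow-list narrows who can reach it. The cluster data is constructed inline for the example; the service names, namespaces and ports are made up. Exposure alone is not a vulnerability, so each finding still needs a check of what the application behind the port requires before answering.

```python
import json

# Constructed sample shaped like `kubectl get svc -A -o json` output.
# Names, namespaces and ports are made up for this example; this is not
# output from a real cluster or from any specific Helm chart.
SAMPLE_SERVICES = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {   # typical chart default: an application UI exposed straight to the internet
            "metadata": {"name": "analytics-ui", "namespace": "data",
                         "labels": {"app.kubernetes.io/managed-by": "Helm"}},
            "spec": {"type": "LoadBalancer",
                     "ports": [{"port": 9000, "targetPort": 9000, "protocol": "TCP"}]},
        },
        {   # NodePort: reachable on every node's address
            "metadata": {"name": "broker", "namespace": "data"},
            "spec": {"type": "NodePort",
                     "ports": [{"port": 8080, "nodePort": 30080, "protocol": "TCP"}]},
        },
        {   # LoadBalancer limited to an internal range: lower risk, still reported
            "metadata": {"name": "admin-api", "namespace": "ops"},
            "spec": {"type": "LoadBalancer",
                     "loadBalancerSourceRanges": ["10.0.0.0/8"],
                     "ports": [{"port": 443, "protocol": "TCP"}]},
        },
        {   # in-cluster only: not reported
            "metadata": {"name": "db", "namespace": "data"},
            "spec": {"type": "ClusterIP",
                     "ports": [{"port": 5432, "protocol": "TCP"}]},
        },
    ],
})

# Service types that hand out an address reachable from outside the cluster.
EXPOSED_TYPES = {"LoadBalancer", "NodePort"}


def find_exposed_services(services_json: str) -> list[dict]:
    """Return every Service whose type makes it reachable from outside the cluster.

    Each finding carries namespace/name, the Service type, the ports that are
    actually listening externally, whether the object is labelled as
    Helm-managed, and whether loadBalancerSourceRanges restricts the callers
    (when absent, most cloud load balancers accept traffic from 0.0.0.0/0).
    """
    findings = []
    for svc in json.loads(services_json).get("items", []):
        spec = svc.get("spec", {})
        svc_type = spec.get("type", "ClusterIP")  # Kubernetes default when omitted
        if svc_type not in EXPOSED_TYPES:
            continue
        meta = svc.get("metadata", {})
        ports = []
        for p in spec.get("ports", []):
            # A NodePort Service listens externally on nodePort, not on the Service port.
            if svc_type == "NodePort":
                ports.append(p.get("nodePort", p.get("port")))
            else:
                ports.append(p.get("port"))
        findings.append({
            "service": f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}",
            "type": svc_type,
            "ports": ports,
            "helm_managed": meta.get("labels", {}).get("app.kubernetes.io/managed-by") == "Helm",
            "source_restricted": bool(spec.get("loadBalancerSourceRanges")),
        })
    # Unrestricted exposures first so the worst findings top the report.
    findings.sort(key=lambda f: (f["source_restricted"], f["service"]))
    return findings


def format_report(findings: list[dict]) -> str:
    """Render findings one per line for a human reader."""
    lines = []
    for f in findings:
        scope = ("restricted by loadBalancerSourceRanges" if f["source_restricted"]
                 else "open to any source")
        origin = " (Helm-managed)" if f["helm_managed"] else ""
        lines.append(f"{f['service']}{origin}: {f['type']} on ports {f['ports']}, {scope}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(find_exposed_services(SAMPLE_SERVICES)))
```

Against a live cluster, pipe `kubectl get svc -A -o json` into `find_exposed_services`; to catch the problem before deployment, run the same check over `helm template` output converted to JSON, since the chart's default `values.yaml` is where the LoadBalancer type and the disabled-auth setting usually originate.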
6 May Entra ID Data Protection: Essential or Overkill?
Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role, man…
Source: thehackernews.com

6 May Toll road scams are in overdrive: Here's how to protect yourself
Have you received a text message about an unpaid road toll? Make sure you're not the next victim of a smishing scam.
Source: welivesecurity.com