Vulnerabilities

New Zyxel Zero-Day Under Attack, No Patch Available

2025-01-29 at 18:21 By Ryan Naraine

GreyNoise reports active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices. There are no patches available. The post New Zyxel Zero-Day Under Attack, No Patch Available appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

SimpleHelp Remote Access Software Exploited in Attacks

2025-01-29 at 12:48 By Ionut Arghire

Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities. The post SimpleHelp Remote Access Software Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer

2025-01-28 at 23:03 By Ryan Naraine

VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access. The post VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer appeared

SonicWall Confirms Exploitation of New SMA Zero-Day

2025-01-28 at 13:33 By Eduard Kovacs

SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild. The post SonicWall Confirms Exploitation of New SMA Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Apple Patches First Exploited iOS Zero-Day of 2025

2025-01-28 at 13:03 By Ionut Arghire

Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks. The post Apple Patches First Exploited iOS Zero-Day of 2025 appeared first on SecurityWeek. This article is an excerpt from

Cracking the Giant: How ODAT Challenges Oracle, the King of Databases

2025-01-27 at 16:04 By Karl Biron

In the past decade, Oracle Database (Oracle DB) has reigned supreme in the competitive arena of database engine popularity ranking as shown in Figure 1 and Figure 2. This pervasiveness has led Oracle Database to be trusted by

Git Vulnerabilities Led to Credentials Exposure

2025-01-27 at 14:49 By Ionut Arghire

Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials. The post Git Vulnerabilities Led to Credentials Exposure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

CISA Warns of Old jQuery Vulnerability Linked to Chinese APT

2025-01-24 at 18:01 By Eduard Kovacs

CISA has added the jQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Old jQuery Vulnerability Linked to Chinese APT appeared first on SecurityWeek. This article is an excerpt

Trustwave SpiderLabs: Ransomware Attacks Against the Energy and Utilities Sector Up 80%

2025-01-22 at 16:15

The energy sector is a cornerstone of national security, ensuring the delivery of critical infrastructure services and supporting transportation systems. Recognizing the importance of protecting this vital industry, Trustwave SpiderLabs has released the comprehensive 2025 Trustwave Risk Radar Report: Energy

Trustwave SpiderLabs 2025 Trustwave Risk Radar Report: Energy and Utilities Sector

2025-01-22 at 16:15

The energy sector plays a crucial role in national security by ensuring the delivery of essential infrastructure services and supporting transportation systems. Acknowledging the need to safeguard this vital industry, Trustwave SpiderLabs has published the highly detailed 2025 Trustwave Risk Radar

The New Face of Ransomware: Key Players and Emerging Tactics of 2024

2025-01-21 at 16:03 By Serhii Melnyk

As we step into 2025, the high-impact, financially motivated ransomware landscape continues to evolve, shaped by a combination of law enforcement actions, shifting affiliate dynamics, advancements in defensive approaches, and broader economic and geopolitical influences. This article

JoCERT Issues Warning on Exploitable Command Injection Flaws in HPE Aruba Products

2025-01-21 at 15:32 By daksh sharma

Overview

JoCERT has issued an alert regarding critical command injection vulnerabilities discovered in HPE Aruba’s 501 Wireless Client Bridge. The vulnerabilities, tracked as CVE-2024-54006 and CVE-2024-54007, allow authenticated attackers with administrative privileges to execute arbitrary commands on

How Generative AI is Shaping the Future of Cybersecurity: Key Insights for CISOs and Enterprises

2025-01-15 at 23:19

The increasing adoption of generative artificial intelligence platforms by threat actors, cyber defenders, and the average organization will present enterprises with an unprecedented number of cybersecurity issues in the coming years, according to a new Gartner®

CVE-2024-55591: Fortinet FortiOS/FortiProxy Zero Day

2025-01-14 at 21:07

In late November and December 2024, Arctic Wolf observed evidence of a mass compromise of Fortinet FortiGate. While the initial attack vector was unknown at the time, evidence of compromise (with new users and SSL profiles) was consistent across compromised devices. This article is an excerpt from SpiderLabs

Why Vulnerability Scanning Alone Isn’t Enough: The Case for Penetration Testing

2025-01-10 at 16:11 By Grayson Lenik

Organizations today face a rapidly evolving threat landscape, and as they plan their cybersecurity strategy and budgets, many may struggle with a key question: If I’m conducting regular vulnerability scans, and patching the vulnerabilities I identify, do I

The State of Magecart: A Persistent Threat to E-Commerce Security

2025-01-09 at 16:04 By Phil Hay, Rodel Mendrez

Trustwave SpiderLabs first blogged about Magecart back in 2019; fast forward five years and it is still here going strong. This article is an excerpt from SpiderLabs Blog.

Trustwave’s 2025 Cybersecurity Predictions: The Era of End-to-End AI Cyberattacks is Here

2025-01-07 at 21:48 By Craig Searle

As 2024 has wrapped up, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. This article is an excerpt from Trustwave

Why Companies Need to Extend Penetration Testing to OT Environments

2025-01-02 at 20:08 By Allen Numerick

As companies continue to integrate their operational technology (OT) and IT environments, they’re coming to grips with the fact that this move opens them up to new avenues for cyber threats. This article is an excerpt from Trustwave Blog

Analyzing Salt Typhoon: Telecom Attacker

2024-12-12 at 23:34

Unveiling Salt Typhoon: A New Wave in Cyber Espionage

Discover how this advanced Chinese-speaking threat actor targets telecom giants, using sophisticated tools like SparrowDoor and Demodex to breach and exfiltrate sensitive data.

The Who, What, and Why of Salt Typhoon’s Attacks

Gain insights into Salt Typhoon’s history, tactics,

‘Tis the Season for Artificial Intelligence-Generated Fraud Messages

2024-12-10 at 16:19

The FBI issued an advisory on December 3rd warning the public of how threat actors use generative AI to more quickly and efficiently create messaging to defraud their victims, echoing earlier warnings issued by Trustwave SpiderLabs. This article is an excerpt from Trustwave Blog
