Week in review

Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released 2025-03-02 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Massive botnet hits Microsoft 365 accounts A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying […]

React to this headline:

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from 2025-02-23 at 12:41 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) The suspected Chinese state-sponsored hackers who

React to this headline:

Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged 2025-02-16 at 11:04 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) February 2025 Patch Tuesday is here, and Microsoft has delivered fixes

React to this headline:

Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play 2025-02-09 at 11:11 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip

React to this headline:

Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers 2025-02-02 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085)

React to this headline:

Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams 2025-01-26 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to attack Despite last week’s confirmation of and warnings about long-standing exploitation

React to this headline:

Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked 2025-01-19 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using ransomware A ransomware gang dubbed Codefinger is encrypting data stored

React to this headline:

Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast 2025-01-12 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways,

React to this headline:

Week in review: MUT-1244 targets both security workers and threat actors, Kali Linux 2024.4 released 2024-12-22 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MUT-1244 targeting security researchers, red teamers, and threat actors A threat actor tracked as MUT-1244 by DataDog researchers

React to this headline:

Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list 2024-12-15 at 20:30 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes exploited zero-day (CVE-2024-49138) On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of

React to this headline:

Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast 2024-12-08 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC),

React to this headline:

Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine 2024-12-01 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers reveal exploitable flaws in corporate VPN clients Researchers have discovered vulnerabilities in the update process of Palo

React to this headline:

Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified 2024-11-24 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 2,000 Palo Alto Networks devices compromised in latest attacks Attackers have compromised around 2,000 Palo Alto Networks firewalls

React to this headline:

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked 2024-11-17 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for

React to this headline:

Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability 2024-11-10 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has released fixes for an unauthenticated “zero-click” remote

React to this headline:

Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams 2024-11-03 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patching problems: The “return” of a Windows Themes spoofing vulnerability Despite two patching attempts, a security issue that may allow

React to this headline:

Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE 2024-10-27 at 11:19 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability In the last couple of days, Fortinet has released critical security

React to this headline:

Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion 2024-10-20 at 11:10 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Last week, CISA added

React to this headline:

Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools 2024-10-13 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 2024 Patch Tuesday, Microsoft has

React to this headline:

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast 2024-10-06 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, and Microsoft started the month by announcing the release of Windows

React to this headline: