breaking news – Page 28 – MCYSEKA-Maritime Cyber Security Knowledge Archive

U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SAP NetWeaver flaw, tracked as CVE-2025-31324, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is […]

April 30, 2025

0 comment

SentinelOne warns of threat actors targeting its systems and high-value clients

SentinelOne warns China-linked APT group PurpleHaze attempted reconnaissance on its systems and high-value clients. Cybersecurity firm SentinelOne warns that a China-linked APT group, tracked as PurpleHaze, attempted to conduct reconnaissance on its infrastructure and high-value clients. The activity suggests targeted cyberespionage efforts aimed at gathering information for potential future attacks. SentinelOne first identified PurpleHaze’s activity […]

April 29, 2025

0 comment

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. The researchers from Google Threat Intelligence Group (GTIG) observed that most targeted are end-user platforms, […]

April 29, 2025

0 comment

VeriSource data breach impacted 4M individuals

VeriSource breach exposed data of 4M people in Feb 2024; stolen info includes personal details from an employee benefits services provider. VeriSource is alerting 4 million people after a February 2024 breach that exposed personal information. The data was stolen on February 27, 2024, and the incident was discovered on February 28, 2024. The company […]

April 29, 2025

0 comment

U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are […]

April 29, 2025

0 comment

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration. On April 15, BreachForums, one of the top marketplaces for stolen data, abruptly shut down, fueling widespread speculation. Rumors ranged from FBI raids and the arrest of the administrator. In the aftermath, several alternative forums […]

April 28, 2025

0 comment

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Earth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia’s government and telecom sectors. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion […]

April 28, 2025

0 comment

A large-scale phishing campaign targets WordPress WooCommerce users

A large-scale phishing campaign targets WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert. Threat actors urge recipients to download a “critical patch” that hides a backdoor. The experts noted […]

April 28, 2025

0 comment

PoC rootkit Curing evades traditional Linux detection systems

Researchers created a PoC rootkit called Curing that uses Linux’s io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring. “Curing is a POC of a rootkit that uses io_uring to perform different tasks without using any syscalls, […]

April 28, 2025

0 comment

Attackers chained Craft CMS zero-days attacks in the wild

Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data. Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft CMS vulnerabilities in recent attacks. Orange experts discovered the flaws while investigating a server compromise. The two vulnerabilities, tracked as CVE-2025-32432 and CVE-2024-58136, are respectively a […]

April 28, 2025

0 comment

1 … 26 27 28 29 30 … 209