More results...
Veeam released security patches for a critical Backup & Replication vulnerability that could let attackers remotely execute code. Veeam addressed a critical security vulnerability, tracked as CVE-2025-23120 (CVSS score of 9.9), impacting its Backup & Replication software that could lead to remote code execution. The vulnerability impacts 12.3.0.310 and all earlier version 12 builds, it was […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In early March, 2025, US CISA warned that multiple botnets are exploiting a […]
CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members. The Computer Emergency Response Team of Ukraine (CERT-UA) uncovered a new cyber espionage campaign targeting employees of defense-industrial complex enterprises and representatives of the Defense Forces of Ukraine with Dark Crystal RAT. […]
WhatsApp fixed a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp has addressed a zero-click, zero-day vulnerability exploited to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp blocked a spyware campaign by Paragon targeting journalists and civil society members after reports of the Citizen […]
California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. California Cryobank (CCB) is the largest sperm bank in the U.S., providing frozen donor sperm and reproductive services, including egg and embryo storage. It operates in all 50 states and over 30 countries worldwide, helping individuals and couples with fertility treatments. […]
The Rules File Backdoor attack targets AI code editors like GitHub Copilot and Cursor, making them inject malicious code via a supply chain vulnerability. Pillar Security researchers uncovered a dangerous new supply chain attack vector called ‘Rules File Backdoor.’ Threat actors could use the technique to silently compromise AI-generated code by injecting malicious code. The attack […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In February, Fortinet warned that threat actors were exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in […]
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to an analysis by Trend Micro’s Zero Day Initiative (ZDI). Trend ZDI researchers discovered 1,000 malicious […]
Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. Cybersecurity firm Veriti reports that threat actors are exploiting a server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-27564 (CVSS score of 6.5), in ChatGPT to target financial and government organizations in the US. The […]
The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that threat actors compromised the GitHub Action tj-actions/changed-files, allowing the leak of secrets from repositories using the continuous integration and continuous delivery CI/CD workflow. The tj-actions/changed-files GitHub Action is used in over 23,000 repositories, it automates workflows by […]