Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. […]
Author Archives: [email protected]
Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures. […]
Bringing your security solutions and Edge for Business together For the first time ever, we’re introducing the Edge for Business security connector framework. This new feature lets you easily connect the browser to your authentication, data loss prevention and reporting solutions. At Microsoft, we believe that it is fundamentally important to be security-first, which is […]
Microsoft is working on fully mitigating issues causing Outlook on the web and SharePoint Online users to experience delays or failures when searching. […]
Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase. […]
What happens when cybercriminals no longer need deep skills to breach your defenses? Today’s attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they’re not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider […]
Not every security vulnerability is high risk on its own – but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder’s bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents. 1. Stealing AWS Credentials with a Redirect Server-Side Request […]
Government and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among […]
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a “critical patch” but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to […]
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities – CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw […]