A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. “Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign
Category Archives: News
A new “Branch Privilege Injection” flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel. […]
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 […]
Microsoft has backtracked on its plan to end support for Office apps on Windows 10 later this year and announced that it will continue providing security updates for three more years, until 2028. […]
Red teams uncover what others miss — but they can’t be everywhere, all the time. Adversarial Exposure Validation combines BAS + Automated Pentesting to extend red team impact, uncover real attack paths, and validate defenses continuously. Learn more from Picus Security on how AEV can help protect your network. […]
Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers. […]
Originally published by Vanta. Written by Jess Munday. Trust is critical to the success of every business. And in 2024, we saw that building, scaling, and demonstrating trust is getting more difficult for organizations. Vanta’s second annual State of Trust Report uncovered key trends across security, compliance, and the future of trust. Based on a survey […]
Originally published by CheckRed. Written by Amardip Deshpande, Senior Security Researcher at CheckRed. Cyberattacks on critical infrastructure have become a growing concern, with sectors like water supply, energy, and other essential utilities increasingly in the crosshairs of cybercriminals and nation-state actors. The recent cyberattack on American Water proves that these vital services are not immune […]
The cybersecurity landscape has been dramatically reshaped by the advent of generative AI. Attackers now leverage large language models (LLMs) to impersonate trusted individuals and automate these social engineering tactics at scale. Let’s review the status of these rising attacks, what’s fueling them, and how to actually prevent, not detect, them. The Most Powerful Person […]
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.” “The group’s interest in Ukraine […]