The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. “Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in […]
Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. […]
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and […]
Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client. […]
15
Apr
Apr
When you’re searching on Google, we aim to provide the most useful information, and many times that includes providing locally relevant search results. Historically, as …
Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the […]
Originally published by VikingCloud. Written by Natasja Bolton. If your business processes payment card data, you’ve likely been working on transitioning from PCI DSS v3.2.1 to PCI DSS v4.x—but the work isn’t over yet. While the initial readiness deadline for PCI DSS v4.0 was March 31, 2024, many of the most critical security changes […]
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks […]
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks
Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. “This training will better support millions of people and businesses in Europe, […]