Internet Security

Veeam fixed critical Backup & Replication flaw CVE-2025-23120

March 20, 2025 add comment
Veeam released security patches for a critical Backup & Replication vulnerability that could let attackers remotely execute code. Veeam addressed a critical security vulnerability, tracked as CVE-2025-23120 (CVSS score of... Read more »

U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog

March 20, 2025 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure... Read more »

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

March 20, 2025 add comment
CERT-UA warns of a cyber campaign using Dark Crystal RAT to target Ukraine’s defense sector, including defense industry employees and Defense Forces members. The Computer Emergency Response Team of... Read more »

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

March 20, 2025 add comment
WhatsApp fixed a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp has addressed a zero-click, zero-day vulnerability exploited to install Paragon’s... Read more »

California Cryobank, the largest US sperm bank, disclosed a data breach

March 19, 2025 add comment
California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. California Cryobank (CCB) is the largest sperm bank in the U.S., providing frozen donor sperm... Read more »

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

March 19, 2025 add comment
The Rules File Backdoor attack targets AI code editors like GitHub Copilot and Cursor, making them inject malicious code via a supply chain vulnerability. Pillar Security researchers uncovered a... Read more »

U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

March 19, 2025 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities... Read more »

Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft

March 18, 2025 add comment
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been... Read more »

ChatGPT SSRF bug quickly becomes a favorite attack vector

March 18, 2025 add comment
Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. Cybersecurity firm Veriti reports that threat actors are... Read more »

GitHub Action tj-actions/changed-files was compromised in supply chain attack

March 18, 2025 add comment
The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that threat actors compromised the GitHub Action tj-actions/changed-files, allowing the... Read more »
Subscribe to our Newsletter