China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

Ivanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect... Read more »

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure... Read more »

Europol-led operation shuts down CSAM platform Kidflix, leading to 79 arrests

An international law enforcement operation shuts down Kidflix, a child sexual abuse material (CSAM) streaming platform with 1.8M users. An international operation, codenamed Operation Stream, against child sexual exploitation... Read more »

Payment Fraud Detection and Prevention: Here’s All To Know

Here are the most common and latest advancements in payment fraud strategies and payment fraud prevention tools for protecting your business. Read more »

Bitsight Identity Intelligence provides visibility into compromised accounts

Bitsight launched Bitsight Identity Intelligence, a new, standalone threat intelligence module designed to help security teams detect compromised credentials, prevent unauthorized access, and proactively mitigate risk across their extended... Read more »

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to... Read more »

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity... Read more »

Phishers are increasingly impersonating electronic toll collection companies

Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been... Read more »

Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers

Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and... Read more »

Taking a ‘good enough’ approach with cloud security isn’t enough

In the wake of the January 2025 ‘Codefinger’ attacks against AWS S3 users, Thales Rob Elliss argues that many organisations are dropping the ball when it comes to their... Read more »
Subscribe to our Newsletter