Mar 20, 2025Ravie LakshmananVulnerability / Software Update Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score… Read More "Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems"
Mar 20, 2025Ravie LakshmananSpyware / Mobile Security The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab. Paragon, founded in… Read More "Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data"
Mar 20, 2025Ravie LakshmananCybercrime / Malware The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found… Read More "Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages"
Mar 19, 2025The Hacker NewsSaaS Security / Threat Detection Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats,… Read More "5 Identity Threat Detection & Response Must-Haves for Super SaaS Security"
Mar 19, 2025Ravie LakshmananThreat Intelligence / Cryptojacking Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument… Read More "Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners"
Mar 19, 2025Ravie LakshmananCybercrime / Threat Intelligence The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages… Read More "Leaked Black Basta Chats Suggest Russian Officials Aided Leader’s Escape from Armenia"
Mar 19, 2025Ravie LakshmananCloud Security / Web Security The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first… Read More "ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers"
Mar 19, 2025The Hacker NewsIdentity Security / Webinar In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting… Read More "Watch This Webinar to Learn How to Eliminate Identity-Based Attacks—Before They Happen"
Mar 19, 2025Ravie LakshmananVulnerability / Network Security Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take… Read More "Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems"
Mar 19, 2025Ravie LakshmananVulnerability / DevSecOps The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw,… Read More "CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise"
