Security Affairs

NOVEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. There are indications that the following may be under limited, targeted exploitation. that allows an attacker to achieve remote code execution via a crafted HTTP request.

IT 316

IT Authentication Cybersecurity Risk 316

Krebs on Security

DECEMBER 19, 2024

But on closer inspection they discovered the address contained an HTML title of “ Araneida Customer Panel ,” and found they could search on that text string to find dozens of unique addresses hosting the same service. Araneida Scanner’s Telegram channel bragging about how customers are using the service for cybercrime.

IT 232

IT Data breaches Cloud Passwords 232

Security Affairs

MARCH 5, 2025

The Polish space agency POLSA announced it has disconnected its network from the internet following a cyberattack. The Polish space agency POLSA was forced to disconnect its network from the internet in response to a cyberattack. “A cybersecurity incident has occurred at POLSA. It is a member of the European Space Agency.

IT 244

IT Ransomware Cybersecurity Security 244

Security Affairs

APRIL 15, 2025

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from adults in the EU, after pausing the plan last year over data protection concerns raised by Irish regulators. ” reads a post published by the company.

IT 203

IT Artificial Intelligence Information Security Privacy 203

Security Affairs

JANUARY 24, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA1000 vulnerability to its Known Exploited Vulnerabilities catalog. This week, SonicWall warned customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances.

IT 228

IT Authentication Cybersecurity Access 228

Security Affairs

DECEMBER 29, 2024

notifies customers of credit card data breach, after threat actors hacked a third-party app from its e-commerce provider. disclosed a data breach that exposed its customers’ credit card data after threat actors hacked a third-party application from its e-commerce providerBigCommerce.

Data breaches 206

Data breaches IT Computer and Electronics Access 206

Security Affairs

FEBRUARY 6, 2025

In a single-node deployment, new devices will not be able to authenticate during the reload time.” ” The IT giant warns that there are no workarounds that solve these flaws. The company recommends customers to upgrade to an appropriate fixed software release : Cisco ISE Software Releases First Fixed Release 3.0 Not vulnerable.

IT 183

IT Authentication Information Security Security 183

Security Affairs

MARCH 5, 2025

Microsoft warns that China-backed APT Silk Typhoon linked to US Treasury hack, is now targeting global IT supply chains, using IT firms to spy and move laterally. Microsoft reported that China-linked APT group Silk Typhoon has shifted tactics to target IT solutions like remote management tools and cloud apps for initial access.

Energy and Utilities 158

Energy and Utilities IT Cloud Passwords 158

Security Affairs

MARCH 12, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds six Microsoft Windowsflaws to its Known Exploited Vulnerabilities catalog. CISA orders federal agencies to fix this vulnerability byApril 1st, 2025. A few days ago, U.S. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,CISA)

IT 172

IT Cybersecurity Access Security 172

Security Affairs

FEBRUARY 23, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Power Pages vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Power Pages vulnerability, tracked as CVE-2025-24989 , to its Known Exploited Vulnerabilities (KEV) catalog.

IT 168

IT Cybersecurity Risk Access 168

WIRED Threat Level

MARCH 31, 2025

An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit imagessome of which are likely illegal. The company deleted its websites after WIRED reached out.

IT 353

IT Security 353

Security Affairs

MARCH 20, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Edimax IC-7100 IP Camera, NAKIVO,and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog.

IT 181

IT Cybersecurity Risk Security 181

WIRED Threat Level

JANUARY 31, 2025

Security researchers tested 50 well-known jailbreaks against DeepSeeks popular new AI chatbot. It didnt stop a single one.

IT 352

IT Security Artificial Intelligence 352

Collaboration 2.0

MARCH 25, 2025

Signal is in the news for all the wrong reasons. Here's what to know about it and why it remains a top choice for protecting conversations.

IT 303

IT Security 303

Collaboration 2.0

APRIL 10, 2025

The Light Phone's third iteration swaps the E Ink display for a sharp AMOLED screen and adds a color camera, all while staying true to its minimalist philosophy.

IT 297

IT 297

Collaboration 2.0

APRIL 17, 2025

The AI tool allows Copilot to describe what it sees on your screen in Edge. But it doesn't always get it right.

IT 253

IT 253

Collaboration 2.0

APRIL 11, 2025

With Recall now in preview mode for Windows Insiders on Copilot+ PCs, Microsoft is testing the waters for an official release.

IT 312

IT 312

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. concludes the report.

Archiving 360

Archiving Encryption Passwords IT 360

WIRED Threat Level

JANUARY 23, 2025

Now-fixed web bugs allowed hackers to remotely unlock and start millions of Subarus. More disturbingly, they could also access at least a year of cars location historiesand Subaru employees still can.

IT 361

IT Security Access Privacy 361

Security Affairs

OCTOBER 23, 2024

However, the proliferation of such workloads and the data within creates a complex web of data sprawl that is challenging to navigate and manage. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks. Where is it located? Who has access to it? What is its security posture?

Data Privacy 316

Data Privacy Privacy GDPR Compliance 316

Security Affairs

APRIL 13, 2025

The ransomware group has since leaked the stolen data on its dark web leak site. The gang claimed the theft of 2 TB of data. Compromised data includes full names, contact details, ID numbers, banking information, drivers license numbers, medical records and passport details. ” states the company. ” states the company.

Data breaches 323

Data breaches Unstructured data Ransomware Cybersecurity 323

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. The new feature was introduced with the release of iOS 18.1

Encryption 323

Encryption Passwords Security Communications 323

Security Affairs

APRIL 6, 2025

Researcher Kevin Beaumont said that Oracle has only issued verbal breach notifications to cloud customers, with no written communication provided. “Oracle Corp. has told customers that a hacker broke into a computer system and stole old client log-in credentials, according to two people familiar with the matter. ” reported Bloomberg.

Data breaches 315

Data breaches Cloud Encryption Communications 315

Security Affairs

OCTOBER 28, 2024

. “He seems to be rather a victim given initial allegations and the negative outcome of the search conducted” The criminal activity was allegedly carried out by prominent Italian individuals, including a former high-profile policeman. ” reported Reuters citing a source with the knowledge on the matter.

Computer and Electronics 341

Computer and Electronics Access Communications Marketing 341

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Researchers from Gen Digital who discovered the threat, believe it is in its early development phase. ” reads the report published by Gen Digital.

Encryption 294

Encryption File names Phishing Passwords 294

Security Affairs

OCTOBER 22, 2024

VMware failed to fully address a remote code execution flaw, tracked as CVE-2024-38812 (CVSS score: 9.8), in its vCenter Server platform. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. vCenter Server is a critical component in VMware virtualization and cloud computing software suite. reads the advisory.

Government 354

Government Cloud Access IT 354

Security Affairs

DECEMBER 5, 2024

Amidst an already overstretched cybersecurity workforce— ISC2 estimated in 2023 that there was a 4 million gap between supply and demand—it’s enormously important that we address this problem. But it doesn’t have to be this way. The Reality of SOC Burnout SOC analysts have it rough. And right now, they’re not. We can only hope that they do.

Cybersecurity 340

Cybersecurity Artificial Intelligence Risk Data collection 340

Security Affairs

JANUARY 10, 2025

Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Archiving 303

Archiving Phishing Encryption Passwords 303

Security Affairs

OCTOBER 31, 2024

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank , formally the Banco Internacional del Perú Service Holding S.A.A. is a leading Peruvian provider of financial services has over 2 million customers.

Data breaches 323

Data breaches Financial Services Passwords Security 323

Collaboration 2.0

FEBRUARY 21, 2025

If you've gotten cash from an ATM, you've interacted with a COBOL-based system. Here's why this old programming language will probably outlive us all.

Government 354

Government IT 354