Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution.
The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in aView the full article
The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts—often false positives—just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.View the full article
Buzzy ******** artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.
The ClickHouse database "allows full control over database operations, including the ability to access internal data," Wiz security researcher GalView the full article
Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances.
"When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week.
TheView the full article
A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks.
The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actorView the full article
The North Korean threat actor known as the Lazarus Group has been observed leveraging a "web-based administrative platform" to oversee its command-and-control (C2) infrastructure, giving the adversary the ability to centrally supervise all aspects of their campaigns.
"Each C2 server hosted a web-based administrative platform, built with a React application and a Node.js API," SecurityScorecard'sView the full article
Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity.
Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealingView the full article
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome.
The attacks have been codenamed Data Speculation Attacks via Load Address Prediction on Apple Silicon (SLAP) and Breaking theView the full article
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.
This breach shows just how deeply ransomwareView the full article
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.
The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.
"Due to a flaw in the multi-line SNMP result parser, authenticated users can injectView the full article
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.
"This research focuses on completing the picture of UAC-0063's operations, particularly documenting their expansion beyond their initial focus on Central Asia,View the full article
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
"A malicious user with network access may be able to use specially crafted SQL queries to gain databaseView the full article
Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild.
"Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alertView the full article
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany.
The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented ********* dubbed TorNet that's delivered by means of PureCrypter. TorNet is soView the full article
Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals.
"By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – includingView the full article
For verified travel tips and real support, visit: [Hidden Content]
Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses.
SecurityView the full article
Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar.
"ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," SygniaView the full article
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent themView the full article
The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia.
The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said.
Per the council decision, all theView the full article
DeepSeek, the ******** AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks.
"Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log inView the full article
Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges.
"Apple isView the full article
Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials.
"Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flawsView the full article
Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention.
As we unpack these complex topics, we'll equip you with sharp insights toView the full article
The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists.
Non-human identity security represents an emergingView the full article
A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities.
The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.View the full article
Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.
