Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system.
Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-criticalView the full article
Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This *******’s findings emphasize the need for robust, adaptive DDoSView the full article
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn’t buy a car without knowing itsView the full article
Threat actors have observed the increasingly common ClickFix technique to deliver a remote access ******* named NetSupport RAT since early January 2025.
NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and downloadView the full article
Source: The Nation
A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang.
Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public ProsecutorView the full article
Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild.
Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack.
ThisView the full article
Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites.
Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated ********* capable of providing attackers with persistentView the full article
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack.
This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The questionView the full article
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture.
With over 18,000 customers, Okta serves as the cornerstone of identity governance and security forView the full article
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware.
"It is likely that the campaign is financially motivated since redirecting users to ******** gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee andView the full article
Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.
The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affectingView the full article
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems.
The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrimeView the full article
Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection.
"The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "View the full article
A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.
The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user andView the full article
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.
"This couldView the full article
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.
This article explores how these changes are impacting business, and how cybersecurity leaders can respond.
Impersonation attacks:View the full article
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway.
The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NETView the full article
India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud.
"This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in aView the full article
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack.
The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in aView the full article
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access ******* called ValleyRAT.
The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting ********-speaking regions like Hong Kong, Taiwan, and Mainland China.
"This actor has increasingly targeted key rolesView the full article
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023.
The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%.
"The number of ransomware events increased into H2, but on-chain payments declined,View the full article
A new malware campaign dubbed SparkCat has leveraged a suit of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets.
The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server,View the full article
Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions.
Why is PAM climbing the ranks of leadership priorities? While GartnerView the full article
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).
The attacks commence with phishing emails containing a Windows shortcut (LNK) file that's disguised as a Microsoft Office or PDF document.View the full article
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything."
And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, getView the full article
Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.
