Attackers chained Craft CMS zero-days attacks in the wild
Attackers chained Craft CMS zero-days attacks in the wild Pierluigi Paganini April 28, 2025 Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in…
Month: April 2025
Viasat Modems Zero-Day Vulnerabilities Let Attackers Execute Remote Code
A severe zero-day vulnerability has been uncovered in multiple Viasat satellite modem models, including the RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000, and EG1020.…
Critical FastCGI Library Flaw Exposes Embedded Devices to Code Execution
A severe vulnerability (CVE-2025-23016) in the FastCGI library-a core component of lightweight web server communication been disclosed, threatening countless embedded and IoT devices with remote…
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Apr 28, 2025Ravie LakshmananWebsite Security / Malware Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging…
A Key Weapon in the Ongoing War Between Hackers and Defenders
Obfuscation stands as a powerful weapon for attackers seeking to shield their malicious code from defenders. This technique, which deliberately makes code hard to understand…
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised
Apr 28, 2025Ravie LakshmananWeb Application Security / Vulnerability Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day…
FTC Announces New, Stricter Children’s Privacy Rule
After years of consideration and public comment, the Federal Trade Commission (FTC) has officially updated its Children’s Online Privacy Protection Act (COPPA) rule, which will…
React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values
Why Application Security is Non-Negotiable The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak…
Iluka Resources picks control system for rare earths refinery
Iluka Resources will implement a Honeywell-made distributed control system at its Eneabba rare earths refinery, which is scheduled for commissioning in 2027. The refinery will work…
Securing Agentic AI and Beyond — API Security
We recently released The Rise of Agentic AI, our API ThreatStats report for Q1 2025, finding that evolving API threats are fueled by the rise of…
New iOS Critical Vulnerability That Could Brick iPhones With a Single Line of Code
A critical vulnerability in iOS could allow malicious applications to disable iPhones with just a single line of code permanently. The vulnerability, assigned CVE-2025-24091, leverages…
Three IXON VPN Client Vulnerabilities let Attackers Escalate Privileges
Security researchers at Shelltrail have discovered three significant vulnerabilities in the IXON VPN client that could allow attackers to escalate privileges on both Windows and…