Patch Your GitHub Workflows ASAP
A security vulnerability (CVE-2025-30066) has been identified in a widely used third-party GitHub Action, tj-actions/changed files. This security flaw exposes sensitive information, including valid access…
Author: Cybernoz
Critical Synology Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical vulnerability affecting Synology’s DiskStation Manager (DSM) has been disclosed, allowing remote attackers to execute arbitrary code on vulnerable systems. This severe issue, identified…
Browser search can land you into ransomware troubles
For years, ransomware attacks have targeted individuals, corporate networks, and government agencies. However, experts are now highlighting a new method of ransomware distribution — one…
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
Mar 19, 2025Ravie LakshmananVulnerability / Network Security Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition…
U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 19, 2025 U.S. Cybersecurity and Infrastructure Security Agency (CISA)…
CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting a significant vulnerability in Fortinet’s FortiOS and FortiProxy systems, which threat…
Shifting to Decentralized Data Storage: The Key to Better Data Security and Privacy
In today’s digital world, data security and privacy are more critical than ever. With the increasing number of cyberattacks, data breaches, and privacy concerns, individuals…
Protecting your iCloud data after Apple’s Advanced Data Protection removal in the UK
Advanced Data Protection (ADP) secures iCloud data with end-to-end encryption. This ensures that no one, not even Apple, can access the encrypted data, which remains…
Windows File Explorer Vulnerability Enables Network Spoofing Attacks: PoC Released
A critical vulnerability in Windows File Explorer has been discovered, allowing attackers to capture NTLM hashes and potentially exploit them for network spoofing attacks. The…
Moving beyond checkbox security for true resilience
In this Help Net Security interview, William Booth, director, ATT&CK Evaluations at MITRE, discusses how CISOs can integrate regulatory compliance with proactive risk management, prioritize…
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
Mar 19, 2025Ravie LakshmananVulnerability / DevSecOps The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise…
DCCOM And SAFC4DC: Securing Singapore’s Digital Future
Singapore’s armed forces officially launched two new commands on March 18, 2025, to safeguard the country’s critical digital infrastructure. The Defence Cyber Command (DCCOM) and…