Massive NPM Supply Chain Attack Earned Attackers Only $600
A massive NPM supply chain attack that hit about 10% of all cloud environments yielded little for the hackers who engineered the compromise. That’s the…
Category: DarkReading
SAP Patches Critical CVE-2025-42944 In NetWeaver
SAP has released a new security update addressing a broad range of vulnerabilities across its product ecosystem. Among the most alarming is a critical vulnerability…
FTC Urged To Investigate Microsoft On Outdated RC4 Encryption And Kerberoasting Flaws
A fresh firestorm has erupted over Microsoft’s handling of cybersecurity risks, with U.S. Senator Ron Wyden (D-OR) calling on the Federal Trade Commission (FTC) to…
SonicWall SSL VPN Flaw CVE-2024-40766 Actively Exploited
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has issued an urgent alert regarding active exploitation of a critical security flaw identified as…
LockerGoga, MegaCortex, Nefilim Ransomware Mastermind On Europe’s Most Wanted List
The U.S. Department of Justice has unsealed charges against Ukrainian national for administering the LockerGoga, MegaCortex, and Nefilim ransomware operations, while the Europol has placed…
Apple Introduces Memory Integrity Enforcement In IPhone 17 To Fight Spyware Exploits
Apple has introduced Memory Integrity Enforcement (MIE), a system-wide security feature designed to crush one of the most persistent threats to iPhone users—that of Spyware.…
Critical Adobe Commerce Flaw CVE-2025-54236 Alert
Adobe has issued an urgent security advisory, specifically for CVE-2025-54236, also known as SessionReaper, affecting Adobe Commerce and Magento Open-Source platforms. This flaw has been…
Patch Tuesday September 2025 Fixes Risky Kernel Flaws
Three high-risk Windows kernel flaws were among the fixes included in Microsoft’s September 2025 Patch Tuesday updates released today. In all, the Patch Tuesday September…
New Linux Botnet Combines Cryptomining And DDoS Attacks
Cyble threat intelligence researchers have identified a sophisticated Linux botnet built for cryptocurrency mining, remote command execution, and dozens of DDoS attack types. Cyble Research…
Black Hat USA 2025 CISO Podcast Series Ep-6 Goes Live
Artificial Intelligence (AI) is no longer just a buzzword in cybersecurity—it has become a practical and powerful tool that enterprises are using to stay ahead…
Salesloft Drift Cyberattack Hits Major Tech Companies
A Salesloft Drift cyberattack has compromised the Salesforce environments of numerous organizations, exposing customer data and credentials in a growing software supply chain incident. Triggered…
Jaguar Land Rover Cyberattack Halts Global Production
Jaguar Land Rover (JLR) has been forced to extend the shutdown of its UK manufacturing operations following a cyberattack on August 31. The Jaguar Land…