Companies Warned of Commvault Vulnerability Exploitation
The ongoing exploitation of a Commvault vulnerability that was targeted as a zero-day is likely part of a broader campaign against software-as-a-service (SaaS) solutions, the…
Category: SecurityWeek
Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks
A China-linked threat actor exploited a Trimble Cityworks zero-day vulnerability in attacks against local government entities in the US, Cisco Talos reports. Tracked as CVE-2025-0994…
DanaBot Botnet Disrupted, 16 Suspects Charged
The notorious DanaBot botnet has been severely disrupted as part of an international law enforcement operation, which also involved charges and arrest warrants targeting over…
Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors
A China-linked cyberespionage group has been exploiting two recent Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities in attacks targeting critical sectors in Europe, North America, and…
Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw
Akamai’s security team kicked off a new spat in the vulnerability disclosure world by publishing full exploitation details for “BadSuccessor,” an unpatched privilege-escalation flaw in…
Security Theater or Real Defense? The KPIs That Tell the Truth
A critical step in maturing any cybersecurity program is the ability to measure and report on its performance. Yet measuring cybersecurity remains notoriously difficult, often…
Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People
Marlboro-Chesterfield Pathology (MCP), a full service anatomic pathology lab in North Carolina, was recently targeted in a ransomware attack that resulted in many personal information…
Marks & Spencer Expects Ransomware Attack to Cost $400 Million
UK retailer Marks & Spencer (MKS.L) has shared another update on the impact of the recent cyberattack, and the company estimates that the incident will…
Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough
According to the AV-TEST Institute, more than 450,000 new malicious applications are found every day, illustrating the rapid rate of malware spread. Despite substantial investments…
Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities
Cisco on Wednesday published 10 security advisories detailing over a dozen vulnerabilities across its products, including two high-severity flaws in its Identity Services Engine (ISE)…
GitLab, Atlassian Patch High-Severity Vulnerabilities
GitLab and Atlassian this week announced the release of patches for over a dozen vulnerabilities across their product portfolios, including multiple high-severity bugs. On Tuesday,…
CISA Says Russian Hackers Targeting Western Supply-Lines to Ukraine
The US government’s cybersecurity agency CISA is sounding the alarm over what it calls an “elevated threat” from Russia’s military-intelligence hackers, warning that Unit 26165…