Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
Apr 09, 2025The Hacker NewsSecrets Management / DevOps GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale...
Read more →Category: TheHackerNews
CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
Apr 09, 2025Ravie LakshmananApplication Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical...
Read more →
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Apr 09, 2025Ravie LakshmananVulnerability / Ransomware Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File...
Read more →
Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Apr 09, 2025Ravie LakshmananEndpoint Security / Vulnerability Microsoft has released security fixes to address a massive set of 126 flaws...
Read more →
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
Apr 09, 2025Ravie LakshmananSoftware Security / Vulnerability Adobe has released security updates to fix a fresh set of security flaws,...
Read more →
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software...
Read more →
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Apr 08, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has released security updates to address a critical security flaw impacting FortiSwitch...
Read more →
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Apr 08, 2025Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon...
Read more →
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with...
Read more →
Agentic AI in the SOC
Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly,...
Read more →
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
Apr 08, 2025Ravie LakshmananCyber Attack / Vulnerability A recently disclosed critical security flaw impacting CrushFTP has been added by the...
Read more →
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Apr 08, 2025Ravie LakshmananMobile Security / Vulnerability Google has shipped patches for 62 vulnerabilities, two of which it said have...
Read more →