Ruby on Rails Vulnerability Lets Attackers Bypass CSRF Protections
Security experts revealed a critical vulnerability in Ruby on Rails that allows attackers to bypass Cross-Site Request Forgery (CSRF) protections. The flaw, disclosed on April…
For decades, our digital world has relied on cryptography to keep secrets safe. From the passwords we type into banking apps to the encrypted communications…
According to a recent finding by a panel of five tribunal judges, the Investigatory Powers Tribunal (IPT) has no statutory powers to impose financial sanctions…
Hive0117 group targets Russian firms with new variant of DarkWatchman malware (Pierluigi Paganini, May 01, 2025): Hive0117 targets Russian firms in multiple sectors with phishing…
A critical security flaw in Oracle VM VirtualBox (CVE-2024-21113) has been patched after researchers discovered it could allow local attackers to escalate privileges and compromise…
May 01, 2025 | Ravie Lakshmanan | Zero-Day / Threat Intelligence: Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment…
Two SonicWall SMA100 flaws actively exploited in the wild (Pierluigi Paganini, May 01, 2025): SonicWall confirmed that threat actors actively exploited two vulnerabilities impacting its…
In today’s fast-paced digital landscape, CISOs play a pivotal role in organizational success, navigating the critical balance of innovation vs security in a digital-first world.…
The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains associated with the notorious LabHost phishing-as-a-service (PhaaS) platform. This operation, which…
SonicWall has issued an urgent warning to customers that threat actors are actively exploiting a high-severity command injection vulnerability in its Secure Mobile Access (SMA)…
Even security experts can be fooled. In July 2024, KnowBe4, a Florida-based company that offers security training, discovered that a new hire known as “Kyle”…
A high-severity vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered, enabling remote attackers to execute arbitrary code on unpatched systems. Tracked…