Sam’s Club investigating attack claim linked to Clop ransomware

The prolific gang is linked to the exploitation of critical flaws in Cleo file transfer software.

By David Jones • April 1, 2025

Critical vulnerability in CrushFTP file transfer software under attack

Questions and confusion surround the authentication bypass vulnerability, which was privately disclosed to customers on March 21.

By Rob Wright • April 1, 2025

CISA warns new malware targeting Ivanti zero-day vulnerability

CVE-2025-0282, a critical vulnerability that affects Ivanti’s Connect Secure, Policy Secure and ZTA Gateway products, was disclosed and patched in January.

By Rob Wright • March 31, 2025

Cybersecurity firms brace for impact of potential Oracle Cloud breach

As evidence continues to pile up, security providers warn customers to secure networks.

By David Jones • March 28, 2025

Solar power gear vulnerable to remote sabotage

Security flaws underscore the risk of cyber threat actors commandeering parts of the electric grid.

By Eric Geller, Contributing Reporter • March 28, 2025

Threat actor in Oracle Cloud breach may have gained access to production environments

Researchers from CloudSEK are analyzing a data sample from a threat actor that claimed a massive breach involving 6 million records. 

By David Jones • March 27, 2025

DrayTek routers face active exploitation of older vulnerabilities

The company’s devices are also randomly rebooting in connection with additional CVEs disclosed earlier this month.

By David Jones • March 26, 2025

Russian threat actor weaponized Microsoft Management Console flaw

A threat actor known as “EncryptHub” began exploiting the zero-day vulnerability before it was patched earlier this month.

By Elizabeth Montalbano, Contributing Reporter • Updated March 26, 2025

Critical vulnerabilities put Kubernetes environments in jeopardy

Wiz researchers warned that several CVEs in Ingress NGINX Controller for Kubernetes make nearly half of all cloud environments at risk of takeover.

By Rob Wright • Updated March 25, 2025

Critical Apache Tomcat RCE vulnerability exploited

Attack attempts via CVE-2025-24813 are underway, but successful attacks require specific, non-default configurations, according to GreyNoise.

By Rob Wright • March 24, 2025

How ASPM gives you control over complex architectures

ASPM gives organizations control by unifying risk data, automating threat analysis, and prioritizing vulnerabilities based on their business impact.

By Sohail Iqbal, Chief Information Security Officer, Veracode • March 24, 2025

Coinbase originally targeted during GitHub Action supply chain attack

Researchers from Palo Alto Networks said the hackers likely planned to leverage an open source project of the company for additional attacks.

By David Jones • March 21, 2025

GitHub Action compromise linked to previously undisclosed attack

Researchers uncovered a March 11 incident that may have led to the larger supply chain attack.  

By David Jones • March 20, 2025

Cisco Smart Licensing Utility flaws under attack

The SANS Internet Storm Center reported exploitation attempts against two critical vulnerabilities, which were initially disclosed in September.

By Rob Wright • March 20, 2025

11 nation-state groups exploit unpatched Microsoft zero-day

The tech giant has yet to address a vulnerability that allows for malicious payloads to be delivered via Windows shortcut files and has been under active attack for eight years.

By Elizabeth Montalbano, Contributing Reporter • March 19, 2025

AI project failure rates are on the rise: report

The share of businesses scrapping most of their AI initiatives increased to 42% this year, up from 17% last year, according to S&P Global Market Intelligence. 

By Lindsey Wilkinson • March 18, 2025

Supply chain attack against GitHub Action triggers massive exposure of secrets

The incident highlights ongoing security concerns in the software supply chain.

By David Jones • March 17, 2025

SuperBlack ransomware used to exploit Fortinet vulnerabilities

A report by Forescout Research points to a threat actor with ties to LockBit.

By David Jones • March 14, 2025

Juniper MX routers targeted by China-nexus threat group using custom backdoors

The devices have reached end-of-life status and need to be upgraded, as the company has issued in a security advisory.

By David Jones • March 12, 2025

CISA: 3 Ivanti endpoint vulnerabilities exploited in the wild

Researchers last month published a proof-of-concept exploit for the critical flaws in Endpoint Manager.

By Rob Wright • March 11, 2025

Critical PHP vulnerability under widespread cyberattack

Telemetry data shows spikes in exploits of CVE-2024-4577 across several countries in recent months.

By Rob Wright • March 10, 2025

Eleven11bot estimates revised downward as researchers point to Mirai variant

The botnet has been involved in DDoS activity targeting telecom companies and gaming platforms.

By David Jones • March 7, 2025

37K+ VMware ESXi instances vulnerable to critical zero-day

Some customers have been unable to download the patches for three VMware zero-day vulnerabilities due to an issue with the Broadcom Support Portal.

By Rob Wright • March 6, 2025

Broadcom urges customers to patch 3 zero-day VMware flaws

Cyberattackers with administrative access are actively exploiting vulnerabilities in ESXi, Workstation and Fusion products.

By Elizabeth Montalbano, Contributing Reporter • March 5, 2025

Microsoft-signed driver used in ransomware attacks

Threat actors are exploiting a privilege escalation flaw in Paragon Partition Manager for “bring your own vulnerable driver” (BYOVD) attacks.

By Rob Wright • March 3, 2025