Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
VSPC Veeam vulnerabilities
Critical Flaws in Veeam Service Provider Console Demand Urgent Action
January 17, 2025
Veeam, a provider of data replication and protection software, released critical security patches to fix severe vulnerabilities affecting its Service Provider Console (VSPC). One of the vulnerabilities is rated as critical (9.9/10 on the CVSS…
Read More >
China-based threat actors
Inside the Four-Month Espionage Campaign by Suspected Chinese Threat Actors
January 16, 2025
In mid-2024, a large U.S. organization with sizeable operations in China was targeted by a persistent attack thought to originate from Chinese actors. The reported intrusion lasted four months, from April to August, with the…
Read More >
Cloak ransomware Halcyon
Cloak Ransomware: The Rising Threat with Advanced Disruption Techniques
January 15, 2025
The Cloak ransomware group emerged in late 2022 and has quickly become a major cybersecurity threat. By targeting small- to medium-sized businesses (SMBs) across Europe and Asia, Cloak has made a significant impact with its…
Read More >
Black Basta ransomware
The Evolution of Black Basta’s Ransomware Tactics
January 14, 2025
Ransomware continues to evolve as one of the most significant threats in the entire cybersecurity landscape, and not surprisingly, the industry is now seeing an increase in the total number of ransomware groups. Recent research…
Read More >
CISA CWE Top 25 vulnerabilities
Breaking Down the 2024 CWE Top 25: Addressing the Most Dangerous Software Weaknesses
January 10, 2025
A new year is a time for reflection. Looking at what happened in the prior year and setting goals for the future year. This applies to all activities, including software weaknesses. The Cybersecurity and Infrastructure…
Read More >
Rockstar 2FA MFA phishing
Rockstar 2FA: The New Face of Phishing-as-a-Service and MFA Exploitation
January 08, 2025
Phishing-as-a-service (PhaaS) has turned phishing from a niche skill into a scalable, accessible business model. Rockstar 2FA, a new entrant in this market, takes things further by employing adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication…
Read More >
Geico Travelers insurance data breach fraud
Geico and Travelers Fined $11M for Data Breaches
January 08, 2025
In November, Geico and Travelers were fined a combined $11 million for data breaches that exposed the personal information of more than 120,000 individuals and contributed to COVID-19 fraud. The New York Office of the…
Read More >
CVE-2014-2120 Cisco ASA vulnerability
Cisco ASA Vulnerability Resurfaces as Active Threat
January 07, 2025
A security vulnerability from ten years ago has recently been exploited in the wild again: CVE-2014-2120, first recognized in March 2014, is a vulnerability in Cisco Adaptive Security Appliance’s (ASA) WebVPN login page. In November…
Read More >
DocuSign API security phishing scam
DocuSign Impersonation Attacks Exploit Trust in Government Communications
January 02, 2025
DocuSign is the centerpiece of an alarming new wave of phishing scams. These schemes mimic communications from government agencies, such as state licensing boards and municipal offices, preying on the trust businesses place in these…
Read More >
SLED cyber resilience
US SLED Leaders Struggle to Find Balance Between Innovation and Risk
December 30, 2024
Managed security service provider LevelBlue has released the 2024 LevelBlue Futures Report: Cyber Resilience in U.S. State and Local Government and Higher Education (SLED), exploring the state of cyber resilience in U.S. SLED institutions. The…
Read More >
needrestart Ubuntu Linux
Decade-Old Vulnerabilities in Ubuntu's 'needrestart' Utility Exposed
December 29, 2024
“How did I not see that?” is the refrain when something new is discovered after the fifth watching of a movie. Software security vulnerability researchers also have those moments. For over a decade, five critical…
Read More >
Finastra data security breach
Finastra's Secure File Transfer Platform Breached: 400GB of Data at Risk
December 28, 2024
Finastra is a leading financial technology firm that serves over 8,000 institutions across the globe, providing software and services to 45 of the world’s top 50 banks. Reporting $1.9 billion in revenue last year, Finastra…
Read More >
Smokeloader
Old Exploits, New Threats: How SmokeLoader Continues to Haunt Vulnerable Systems
December 18, 2024
What is old is new again. That could be the mantra for cybersecurity vulnerabilities. The focus is on discovering new vulnerabilities before attackers can use them, but according to an August 2023 cybersecurity advisory published…
Read More >
Microsoft AD CVE-2024-49019
Privilege Escalation Time Bomb: Microsoft AD CS Vulnerability Puts Domains at Risk
December 17, 2024
A newly uncovered flaw in Microsoft’s Active Directory Certificate Services (AD CS), CVE-2024-49019, exposes enterprise domains to significant risk. By exploiting misconfigured certificate templates, attackers can escalate privileges to Domain Administrator, gaining unrestricted control over…
Read More >
New Year 9253766 1280
From Insider Risks to Hacker Wars: The Trends Redefining Cybersecurity in 2025
December 16, 2024
Earlier this month, Experian released its 12th Annual Data Breach Industry Forecast, which outlines several predictions for cybersecurity trends to watch in 2025. The report also reveals a sobering new reality: the very technologies designed…
Read More >
Faucet 1684902 1280
The Hidden Cyber Threats Endangering U.S. Drinking Water Systems
December 13, 2024
In January of 2024, several water and wastewater plants in Texas were targeted by hackers, later linked to a Russian group, who gained access to certain supervisory control and data acquisition (SCADA) systems. Fortunately, consequences…
Read More >
Code 820275 1280
New Report Warns of AppSec Fatigue and AI Overconfidence Threatening Open Source Software Security
December 12, 2024
The 2024 State of Open Source Security report reveals a troubling new trend: “AppSec fatigue,” where open source development teams are increasingly overwhelmed by the high volume of security vulnerabilities they must address to develop…
Read More >
Jet 2736962 1280
The Dream Job Scam: Iranian Hackers Target Aerospace Sector with Sophisticated Cyber Espionage
December 11, 2024
The promise of a dream job is a powerful lure. For employees in the aerospace and defense industries, it’s also become a dangerous one. An advanced cyber-espionage campaign, dubbed the Iranian "Dream Job" scam, has…
Read More >
Subscribe for the Latest News

"*" indicates required fields

Consent*
This field is for validation purposes and should be left unchanged.
Webinars
Beyond Golden Images: How to Build Secure Container Images at Scale
Register Now
Bridge the Cybersecurity Skills Gap with Managed Security Services
Register Now
Mastering Third-party Risk Management: Strategies for Enhanced Cybersecurity
Register Now