ποΈ CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency CISA to its Known Exploited Vulnerabilities KEV catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two highseverity vulnerabilities are listed below CVE202453150 CVSS score 7.8 An outofbounds flaw in the USB subcomponent of Kernel that could result in information disclosure CVE202453197 CVSS score 7.8 A privilege escalation flaw in the USB subcomponent of Kernel.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
NIST marks CVEs pre2018 as Deferred in the NVD as agency focus shifts to managing emerging threats.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog
NIST marks CVEs pre-2018 as βDeferredβ in the NVD as agency focus shifts to managing emerging threats
π Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Armis survey reveals that the growing threat of nationstate cyberattacks is disrupting digital transformation.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Half of Firms Stall Digital Projects as Cyber Warfare Risk Surges
Armis survey reveals that the growing threat of nation-state cyber-attacks is disrupting digital transformation
π CISA Warns of CrushFTP Vulnerability Exploitation in the Wild π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The US Cybersecurity and Infrastructure Security Agency CISA has added CVE202531161 to its Known Exploited Vulnerabilities KEV catalog.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
CISA Warns of CrushFTP Vulnerability Exploitation in the Wild
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog
π Boards Urged to Follow New Cyber Code of Practice π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The British government has launched a new code of practice designed to boost corporate cyber governance.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Boards Urged to Follow New Cyber Code of Practice
The British government has launched a new code of practice designed to boost corporate cyber governance
π What Is EDR (Endpoint Detection and Response)? π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Endpoint detection and Response EDR is a cybersecurity technology that provides continuous endpoint monitoring to detect, investigate, and respond to threats. EDR solutions empower security teams to quickly identify, understand, and mitigate risks by providing realtime visibility, automated threat containment, and detailed insights into the entire attack lifecycle. How Does EDR Work? EDR software acts The post What Is EDR Endpoint Detection and Response? appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
What is EDR (Endpoint Detection and Response)?
What is endpoint detection and response (EDR), why is it essential for 24/7 cyber protection, and how can you benefit from EDR solutions?
π Google Releases April Android Update to Address Two Zero-Days π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Googles latest Android update fixes 62 flaws, including two zerodays previously used in limited targeted attacks.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Google Releases April Android Update to Address Two Zero-Days
Googleβs latest Android update fixes 62 flaws, including two zero-days previously used in limited targeted attacks
π΅οΈββοΈ 2 Android Zero-Day Bugs Under Active Exploit π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Neither security issue requires user interaction and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
2 Android Zero-Day Bugs Under Active Exploit
Neither security issue requires user interaction, and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.
ποΈ Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have disclosed details of a nowpatched security flaw in the Amazon EC2 Simple Systems Manager SSM Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution. The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office addins copied from a.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE202448887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability CWE620 in FortiSwitch GUI may allow a remote unauthenticated attacker to modify.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π΅οΈββοΈ 2 Android Zero-Day Bugs Under Active Exploit π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Neither security issue requires user interaction, and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
2 Android Zero-Day Bugs Under Active Exploit
Neither security issue requires user interaction, and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.
π΅οΈββοΈ UK Orgs Pull Back Digital Projects With Looming Threat of Cyberwarfare π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Artificial intelligence poses a significant concern when it comes to nationstate cyberthreats and AI's ability to supercharge attacks.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
UK Orgs Pull Back Digital Projects
Artificial intelligence poses a significant concern when it comes to nation-state cyberthreats and AI's ability to supercharge attacks.
π1
π Google Cloud: China Achieves βCyber Superpowerβ Status π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Google Clouds Sandra Joyce said that Chinese state actors advanced techniques and ability to stay undetected pose huge challenges.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Google Cloud: China Achieves βCyber Superpowerβ Status
Google Cloudβs Sandra Joyce said that Chinese state actorsβ advanced techniques and ability to stay undetected pose huge challenges
π¦
ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
ICS Vulnerability Report " dataimagecaption"ICS Vulnerability Report " datamediumfile"httpscyble.comwpcontentuploads202504ICSVulnerabilityReport300x150.png" datalargefile"httpscyble.comwpcontentuploads202504ICSVulnerabilityReport1024x512.png" title"ICS Vulnerability Report Energy, Manufacturing Device Fixes Urged by Cyble 1" Overview The Cyble report, part of the latest ICS Vulnerability Report, examined 70 ICS, Operational Technology OT, and Supervisory Control and Data Acquisition SCADA vulnerabilities identified in 16 recent advisories issued by the U.S. Cybersecurity and Infrastructure Security Agency CISA. Cyble highlighted several critical industrial control system ICS vulnerabilities in recent reports to clients, with the most severe vulnerabilities reaching 9.8 to 9.9 ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
ICS Vulnerability Report: Energy, Manufacturing Fixes Urged
Explore Cybleβs ICS Vulnerability Report uncovering critical flaws in energy, manufacturing & OT systems. Learn how to mitigate ICS cyber risks effectively.
π¦
ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
ICS Vulnerability Report " dataimagecaption"ICS Vulnerability Report " datamediumfile"httpscyble.comwpcontentuploads202504ICSVulnerabilityReport300x150.png" datalargefile"httpscyble.comwpcontentuploads202504ICSVulnerabilityReport1024x512.png" title"ICS Vulnerability Report Energy, Manufacturing Device Fixes Urged by Cyble 1" Overview The Cyble report, part of the latest ICS Vulnerability Report, examined 70 ICS, Operational Technology OT, and Supervisory Control and Data Acquisition SCADA vulnerabilities identified in 16 recent advisories issued by the U.S. Cybersecurity and Infrastructure Security Agency CISA. Cyble highlighted several critical industrial control system ICS vulnerabilities in recent reports to clients, with the most severe vulnerabilities reaching 9.8 to 9.9 ...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
ICS Vulnerability Report: Energy, Manufacturing Fixes Urged
Explore Cybleβs ICS Vulnerability Report uncovering critical flaws in energy, manufacturing & OT systems. Learn how to mitigate ICS cyber risks effectively.
π¦Ώ Can VPNs Be Tracked by the Police? π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
VPNs are popular due to the fact they add security and privacy to what are otherwise fairly open WiFi and public internet channels. But can VPNs be tracked by the police?.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Can VPNs Be Tracked by the Police?
VPNs are popular because they add security to fairly open Wi-Fi and public internet channels. But can VPNs be tracked by the police?
π Google Cloud: CISOs Demand Simplified Security Tools Amid Growing Tech Complexity π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Google Cloud announced a number of security products designed to reduce complexity for security leaders.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Google Cloud: CISOs Demand Simplified Security Tools Amid Growing Tech Complexity
Google Cloud announced a number of security products designed to reduce complexity for security leaders
π Over 40% of UK Businesses Faced Cybersecurity Breaches in 2024 π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Cyber Security Breaches Survey 2025 has been released by the UK Home Office and DSIT today, reporting a slight decline in incidents compared to 2024 report.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Over 40% of UK Businesses Faced Cybersecurity Breaches in 2024
The Cyber Security Breaches Survey 2025 has been released by the UK Home Office and DSIT today, reporting a slight decline in incidents compared to 2024 report
π’ Seized database helps Europol snare botnet customers in βOperation Endgameβ follow-up sting π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Europol has detained several people believed to be involved in a botnet operation as part of a followup to a major takedown last year.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Seized database helps Europol snare botnet customers in βOperation Endgameβ follow-up sting
Customers of the SmokeLoader malware have been detained