Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk

More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers.

SecurityWeek

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild.
The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has

The Hacker News

Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks

Huntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability.

SecurityWeek

Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities

Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below –

CVE-2024-53150 (CVSS score: 7.8) – An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure
CVE-2024-53197 (CVSS score: 7.8) – A privilege escalation flaw in the USB sub-component of Kernel

The Hacker News

Neptune RAT Variant Spreads via YouTube to Steal Windows Passwords

A new Neptune RAT variant is being shared via YouTube and Telegram, targeting Windows users to steal passwords and deliver additional malware components.

Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News

$115 million just poured into this startup that makes engineering 1,000x faster — and Bezos, Altman, and Nvidia are all betting on its success

Rescale secures $115 million in Series D funding to accelerate AI physics technology that speeds up engineering simulations by 1000x, backed by tech luminaries including Bezos and Altman.

Security News | VentureBeat

Google’s Sec-Gemini v1 Takes on Hackers & Outperforms Rivals by 11%

Sec-Gemini v1 has access to real-time cybersecurity data from trusted sources including Google Threat Intelligence, Mandiant’s attack reports, and the Open Source Vulnerabilities database.

Security | TechRepublic

ToddyCat APT Targets ESET Bug to Load Silent Malware

Researchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems.

darkreading

NIST to Implement ‘Deferred’ Status to Dated Vulnerabilities

The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD).

darkreading

PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry

As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.

SecurityWeek