Engineering firm Smiths Group has disclosed a cyberattack that forced it to take some systems offline and activate business continuity plans.
The post Smiths Group Scrambling to Restore Systems Following Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.
The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.
“Due to a flaw in the multi-line SNMP result parser, authenticated users can inject
The Hacker News – Read More
Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities.
The post SimpleHelp Remote Access Software Exploited in Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.
This breach shows just how deeply ransomware
The Hacker News – Read More
Frenos, a company that has developed an autonomous OT security assessment platform, has raised $3.88 million in seed funding.
The post Frenos Raises $3.88M in Seed Funding for OT Security Assessment Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
“A malicious user with network access may be able to use specially crafted SQL queries to gain database
The Hacker News – Read More
Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild.
“Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration,” GreyNoise researcher Glenn Thorpe said in an alert
The Hacker News – Read More
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.
“This research focuses on completing the picture of UAC-0063’s operations, particularly documenting their expansion beyond their initial focus on Central Asia,
The Hacker News – Read More
MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.
The Record from Recorded Future News – Read More
The now-fixed vulnerability involved a major travel services company that’s integrated with dozens of airline websites worldwide.
darkreading – Read More