Oregon’s environmental agency won’t say if a group of hackers stole data in a cyberattack that was first announced earlier this month.
The post Oregon Agency Won’t Say If Hackers Stole Data in Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access.
The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities –
CVE-2024-58136 (CVSS score: 9.0) – An improper protection of alternate path flaw in the Yii PHP
The Hacker News – Read More
4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks. The site first went down on April 14, with the person responsible for the hack apparently leaking data including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was […]
Security News | TechCrunch – Read More
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year.
“The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors,” the Microsoft Threat Intelligence team said in an analysis.
The tech giant noted that
The Hacker News – Read More
Perhaps no one in the world has made such catastrophic tech flubs this year as U.S. Secretary of Defense Pete Hegseth. The saga started when the editor-in-chief of The Atlantic, Jeffrey Goldberg, reported that he had been mistakenly added to an unauthorized Signal group chat by U.S. National Security Advisor Michael Waltz, where numerous high-ranking […]
Security News | TechCrunch – Read More
Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…
Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto – Read More
Cynomi announced a new $37 million Series B funding to grow its AI-powered vCISO platform for MSPs and MSSPs.
The post Cynomi Raises $37 Million Series B to Expand Its vCISO Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.
The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN).
“LAGTOY can be
The Hacker News – Read More
Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.
Security Latest – Read More