Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution.
“Prototype pollution in Kibana leads to

The Hacker News – ​Read More

Nigerian Accused of Hacking Tax Preparation Firms Extradited to US

Matthew Akande was extradited to the US to face charges for his role in hacking into Massachusetts tax preparation firms’ networks.

The post Nigerian Accused of Hacking Tax Preparation Firms Extradited to US appeared first on SecurityWeek.

SecurityWeek – ​Read More

Outsmarting Cyber Threats with Attack Graphs

Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment.
This is where attack graphs come in. By mapping potential attack paths

The Hacker News – ​Read More

UK quietly scrubs encryption advice from government websites

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch – ​Read More

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors.
“Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed,” c/side researcher Himanshu Anand said in a Wednesday analysis.
The malicious JavaScript code has been found to be served via cdn.csyndication[

The Hacker News – ​Read More

AIceberg Gets $10 Million in Seed Funding for AI Security Platform

AIceberg has launched a solution that helps governments and enterprises with the safe, secure and compliant adoption of AI. 

The post AIceberg Gets $10 Million in Seed Funding for AI Security Platform appeared first on SecurityWeek.

SecurityWeek – ​Read More

Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.

The post Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks appeared first on SecurityWeek.

SecurityWeek – ​Read More

U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations

The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally.
The individuals include two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun

The Hacker News – ​Read More

Ransomware Attacks Build Against Saudi Construction Firms

Cybercriminals are ramping up their efforts in the Kingdom and targeting more than just petroleum firms; now, they’re aiming for Middle East organizations in the IT, government, construction, and real estate sectors too.

darkreading – ​Read More

Espionage Actor ‘Lotus Blossom’ Targets South East Asia

The threat actor, of unknown origin, is deploying a proprietary backdoor malware known as “Sagerunex” against critical infrastructure in Hong Kong, Philippines, Taiwan, and Vietnam.

darkreading – ​Read More