CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability appeared first on SecurityWeek.
CrowdStrike Insider Helped Hackers Falsely Claim System Breach
The company has confirmed that it terminated an insider who shared screenshots of his computer with cybercriminals.
The post CrowdStrike Insider Helped Hackers Falsely Claim System Breach appeared first on SecurityWeek.
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures.
The security defects “allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags,” Oligo Security said in
The security defects “allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags,” Oligo Security said in
SCCM and WSUS in a Hybrid World: Why It’s Time for Cloud-native Patching
Hybrid work exposes the limits of SCCM and WSUS, with remote devices often missing updates and WSUS now deprecated. Action1’s cloud-native patching keeps devices updated from any location, strengthening compliance and security. […]
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub
Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign. […]
Harvard University discloses data breach affecting alumni, donors
Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members. […]
Microsoft Highlights Security Risks Introduced by New Agentic AI Feature
Without proper security controls, AI agents could perform malicious actions, such as data exfiltration and malware installation.
The post Microsoft Highlights Security Risks Introduced by New Agentic AI Feature appeared first on SecurityWeek.
Microsoft tests File Explorer preloading for faster performance
Microsoft is testing a new optional feature that preloads File Explorer in the background to improve launch times on Windows 11 systems. […]
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s reminiscent of the Shai-Hulud attack.
The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.
“The campaign introduces a new variant that executes malicious
The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, and Wiz.
“The campaign introduces a new variant that executes malicious
Mazda Says No Data Leakage or Operational Impact From Oracle Hack
The Cl0p ransomware group has listed Mazda and Mazda USA as victims of the Oracle EBS campaign on its leak website.
The post Mazda Says No Data Leakage or Operational Impact From Oracle Hack appeared first on SecurityWeek.