Experts say the European Vulnerability Database, or EUVD, should be a good resource, but only if ENISA manages to maintain it properly.
The post EU Cybersecurity Agency ENISA Launches European Vulnerability Database appeared first on SecurityWeek.
Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors.
Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while
Cybersecurity firm Trend Micro said the first wave, codenamed VENOM, mainly targeted software service providers, while
Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team
Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon’s recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with the exploitation of vulnerabilities as an initial access step growing by 34%.
As attacks rise
As attacks rise
Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails
Cybersecurity researchers have discovered a new phishing campaign that’s being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina.
The campaign is “using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email
The campaign is “using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email
Vulnerabilities Patched by Juniper, VMware and Zoom
Juniper Networks, VMware, and Zoom have announced patches for dozens of vulnerabilities across their products.
The post Vulnerabilities Patched by Juniper, VMware and Zoom appeared first on SecurityWeek.
Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances
Fortinet has patched a dozen vulnerabilities, including a critical flaw exploited in the wild against FortiVoice instances.
The post Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances appeared first on SecurityWeek.
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild.
Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them
Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers
Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution.
The post Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers appeared first on SecurityWeek.
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact
Industrial giants Siemens, Schneider Electric and Phoenix Contact have released ICS security advisories on the May 2025 Patch Tuesday.
The post ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact appeared first on SecurityWeek.
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.
The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0.
“A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to
The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0.
“A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to