A new “Bring Your Own Installer” EDR bypass technique is exploited in attacks to bypass SentinelOne’s tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents to install the Babuk ransomware. […]
Microsoft finds default Kubernetes Helm charts can expose data
Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. […]
Unofficial Signal app used by Trump officials investigates hack
TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked. […]
Darcula PhaaS steals 884,000 credit cards via SMS phishing texts
The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide. […]
Darcula PhaaS steals 884,000 credit cards via phishing texts
The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide. […]
Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology.
The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo.
“These vulnerabilities can be chained by
The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo.
“These vulnerabilities can be chained by
Microsoft is killing Skype today, pushes users to Teams
The Skype video call and messaging service is shutting down today, 14 years after replacing Microsoft’s Windows Live Messenger. […]
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed.
The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions
The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions
White House Proposal Slashes Half-Billion from CISA Budget
The proposed $491 million cut is being positioned as a “refocusing”of CISA on its core mission “while eliminating weaponization and waste.”
The post White House Proposal Slashes Half-Billion from CISA Budget appeared first on SecurityWeek.
UK shares security tips after major retail cyberattacks
Following three high-profile cyberattacks impacting major UK retailers, the country’s National Cyber Security Centre (NCSC) has published guidance that all companies are advised to follow to strengthen their cybersecurity defenses. […]