Oracle has confirmed suffering a data breach but the tech giant is apparently trying to downplay the impact of the incident.
The post Oracle Confirms Cloud Hack appeared first on SecurityWeek.
Critical Apache Parquet Vulnerability Leads to Remote Code Execution
A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.
The post Critical Apache Parquet Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek.
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on SecurityWeek.
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems.
“A stack-based buffer overflow in Ivanti Connect
The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems.
“A stack-based buffer overflow in Ivanti Connect
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed that no less than three cyber attacks were recorded against state administration bodies and critical infrastructure facilities in the country with an aim to steal sensitive data.
The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing to legitimate
The campaign, the agency said, involved the use of compromised email accounts to send phishing messages containing links pointing to legitimate
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
A maximum severity security vulnerability has been disclosed in Apache Parquet’s Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances.
Apache Parquet is a free and open-source columnar data file format that’s designed for efficient data processing and retrieval, providing support for complex data, high-performance
Apache Parquet is a free and open-source columnar data file format that’s designed for efficient data processing and retrieval, providing support for complex data, high-performance
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. […]
Hunters International shifts from ransomware to pure data extortion
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to date theft and extortion-only attacks. […]
Microsoft starts testing Windows 11 taskbar icon scaling
Microsoft is testing a new taskbar icon scaling feature that automatically scales down Windows taskbar icons to show more apps when it gets too overcrowded. […]
CISA warns of Fast Flux DNS evasion used by cybercrime gangs
CISA, the FBI, the NSA, and international cybersecurity agencies are calling on organizations and DNS providers to mitigate the “Fast Flux” cybercrime evasion technique used by state-sponsored threat actors and ransomware gangs. […]