Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. […]
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure.
“The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that
“The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that
Browser-Based Data Leaks: 3 Biggest Data Security Challenges Today
Traditional Data Loss Prevention (DLP) solutions weren’t built for today’s browser-driven workplace. Now sensitive data moves moves through SaaS apps, AI tools, and personal accounts, bypassing legacy security controls. Learn from Keep Aware how real-time browser security can stop data leaks before they happen. […]
Chinese cyberspies backdoor Juniper routers for stealthy access
Chinese hackers are deploying custom backdoors on Juniper Networks Junos OS MX routers that have reached end-of-life (EoL) and no longer receive security updates. […]
China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days
Dragos case study reveals that Volt Typhoon hacked the US electric grid and stole information on OT systems.
The post China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days appeared first on SecurityWeek.
Fortinet Patches 18 Vulnerabilities
Fortinet has published 17 new advisories to inform customers about 18 vulnerabilities patched in its products.
The post Fortinet Patches 18 Vulnerabilities appeared first on SecurityWeek.
Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections
The Trump administration has cut millions of dollars in federal funding from two cybersecurity initiatives, including one dedicated to helping state and local election officials.
The post Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections appeared first on SecurityWeek.
Newly Patched Windows Zero-Day Exploited for Two Years
Microsoft on Tuesday patched a zero-day vulnerability in the Windows Win32 kernel that has been exploited since March 2023.
The post Newly Patched Windows Zero-Day Exploited for Two Years appeared first on SecurityWeek.
Statement on CISA’s Red Team
Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
Threat intelligence firm GreyNoise is warning of a “coordinated surge” in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms.
“At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts,” the company said, adding it observed the activity on March 9, 2025.
The countries which
“At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts,” the company said, adding it observed the activity on March 9, 2025.
The countries which