Starting mid-March 2025, Microsoft will start prompting users of its Microsoft 365 apps for Windows to back up their files to OneDrive. […]
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. […]
Free vCISO Course: Turning MSPs and MSSPs into Cybersecurity Powerhouses
The vCISO Academy is a free learning platform to equip service providers with training needed to build and expand their vCISO offerings. Learn more from Cynomi on how the Academy helps you launch or expand your vCISO services. […]
Malicious Chrome extensions can spoof password managers in new attack
A newly devised “polymorphic” attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. […]
Federal Contractor Cybersecurity Bill Passes House
The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP).
The post Federal Contractor Cybersecurity Bill Passes House appeared first on SecurityWeek.
Nigerian Accused of Hacking Tax Preparation Firms Extradited to US
Matthew Akande was extradited to the US to face charges for his role in hacking into Massachusetts tax preparation firms’ networks.
The post Nigerian Accused of Hacking Tax Preparation Firms Extradited to US appeared first on SecurityWeek.
Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation
A group of financial organizations is asking CISA to rescind and reissue its proposed implementation of CIRCIA.
The post Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation appeared first on SecurityWeek.
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution.
“Prototype pollution in Kibana leads to
The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution.
“Prototype pollution in Kibana leads to
BadBox Botnet Powered by 1 Million Android Devices Disrupted
A second iteration of the BadBox botnet that affected over one million Android devices has been partially disrupted.
The post BadBox Botnet Powered by 1 Million Android Devices Disrupted appeared first on SecurityWeek.
EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing
The financially motivated threat actor known as EncryptHub has been observed orchestrating sophisticated phishing campaigns to deploy information stealers and ransomware, while also working on a new product called EncryptRAT.
“EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions,” Outpost24 KrakenLabs said in a new report shared with The
“EncryptHub has been observed targeting users of popular applications, by distributing trojanized versions,” Outpost24 KrakenLabs said in a new report shared with The