Ascension is notifying over 100,000 people that their personal information was stolen in a data breach potentially linked to the Cleo hack.
The post Ascension Discloses Data Breach Potentially Linked to Cleo Hack appeared first on SecurityWeek.
SentinelOne Targeted by North Korean IT Workers, Ransomware Groups, Chinese Hackers
SentinelOne has shared some information on the types of threat actors that have targeted the security firm recently.
The post SentinelOne Targeted by North Korean IT Workers, Ransomware Groups, Chinese Hackers appeared first on SecurityWeek.
Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach
Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access.
“This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance,” the company
“This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance,” the company
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild.
The vulnerabilities in question are listed below –
The vulnerabilities in question are listed below –
CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to
Hackers abuse IPv6 networking feature to hijack software updates
A China-aligned APT threat actor named “TheWizards” abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. […]
WordPress plugin disguised as a security tool injects backdoor
A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. […]
WhatsApp unveils ‘Private Processing’ for cloud-based AI features
WhatsApp has announced the introduction of ‘Private Processing,’ a new technology that enables users to utilize advanced AI features by offloading tasks to privacy-preserving cloud servers. […]
SonicWall: SMA100 VPN vulnerabilities now exploited in attacks
Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. […]
Commvault says recent breach didn’t impact customer backup data
Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn’t gain access to customer backup data. […]
FBI shares massive list of 42,000 LabHost phishing domains
The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. […]