A researcher dives into Chinese reports attributing cyberattacks on Northwestern Polytechnical University to the NSA’s TAO division.
The post How China Pinned University Cyberattacks on NSA Hackers appeared first on SecurityWeek.
CISA Warns of Attacks Exploiting Craft CMS Vulnerability
CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek.
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
In today’s rapidly evolving digital landscape, weak identity security isn’t just a flaw—it’s a major risk that can expose your business to breaches and costly downtime.
Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities.
Join us for “
Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities.
Join us for “
Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls
Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks.
The post Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls appeared first on SecurityWeek.
AI-Powered Deception is a Menace to Our Societies
Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it’s said, ‘The first casualty is the truth.’
While these forms of communication
While these forms of communication
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies.
“The threat actor then demonstrated their ability to persist in target environments across equipment from multiple
“The threat actor then demonstrated their ability to persist in target environments across equipment from multiple
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
Apiiro unveils free scanner to detect malicious code merges
Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. […]
Black Basta ransomware gang’s internal chat logs leak online
An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. […]
US healthcare org pays $11M settlement over alleged cybersecurity lapses
Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract. […]