Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. […]
SailPoint IPO Signals Bright Spot for Cybersecurity
In a signal move for the cybersecurity sector, identity and access management (IAM) vendor SailPoint has made its return to public markets.
The post SailPoint IPO Signals Bright Spot for Cybersecurity appeared first on SecurityWeek.
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account.
“If executed at scale, this attack could be used to gain access to thousands of accounts,” Datadog Security Labs researcher Seth Art said in a report
“If executed at scale, this attack could be used to gain access to thousands of accounts,” Datadog Security Labs researcher Seth Art said in a report
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that’s associated with a profile named “
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that’s associated with a profile named “
SonicWall firewall bug leveraged in attacks after PoC exploit release
Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. […]
SonicWall firewall bug targeted in attacks after PoC exploit release
Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. […]
Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems
The chief deputy attorney general of the agency sent an email on Wednesday that said nearly all of is computer systems were offline.
The post Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems appeared first on SecurityWeek.
Malicious PirateFi game infects Steam users with Vidar malware
A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. […]
Sean Cairncross is Trump Nominee for National Cyber Director
Former RNC official Sean Cairncross has been nominated for the post of National Cyber Director to streamline the US cybersecurity strategy.
The post Sean Cairncross is Trump Nominee for National Cyber Director appeared first on SecurityWeek.
PostgreSQL flaw exploited as zero-day in BeyondTrust breach
Rapid7’s vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. […]