A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems. […]
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
A set of five critical security shortcomings has been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet.
The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974), assigned a CVSS score of
Cyberattack takes down Ukrainian state railway’s online services
Ukrzaliznytsia, Ukraine’s national railway operator, has been hit by a massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website. […]
DrayTek routers worldwide go into reboot loops over weekend
Many Internet service providers (ISPs) worldwide are alerting customers of an outage that started Saturday night and triggered DrayTek router connectivity problems. […]
Chinese Weaver Ant hackers spied on telco network for 4 years
A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. […]
Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser.
The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to
Police arrest 300 suspects linked to African cybercrime rings
African law enforcement authorities have arrested 306 suspects as part of ‘Operation Red Card,’ an INTERPOL-led international crackdown targeting cross-border cybercriminal networks. […]
Critical flaw in Next.js lets hackers bypass authorization
A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. […]
NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD
The effects of the backlog are already being felt in vulnerability management circles where NVD data promises an enriched source of truth.
The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek.
Oracle Denies Cloud Breach After Hacker Offers to Sell Data
Oracle has denied that Cloud systems have been breached after a hacker claimed to have stolen millions of records.
The post Oracle Denies Cloud Breach After Hacker Offers to Sell Data appeared first on SecurityWeek.
