More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center.
The two critical-rated vulnerabilities in question are listed below –
The two critical-rated vulnerabilities in question are listed below –
CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an
Veeam RCE bug lets domain users hack backup servers, patch now
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. […]
CISA tags NAKIVO backup flaw as actively exploited in attacks
CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software. […]
VSCode extensions found downloading early-stage ransomware
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft’s review process. […]
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. […]
Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing
Analysis reveals a 140% increase in browser phishing, including a 130% increase in zero-hour phishing attacks.
The post Browser Security Under Siege: The Alarming Rise of AI-Powered Phishing appeared first on SecurityWeek.
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor
Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation. […]
UK urges critical orgs to adopt quantum cryptography by 2035
The UK’s National Cyber Security Centre (NCSC) has published specific timelines on migrating to post-quantum cryptography (PQC), dictating that critical organizations should complete migration by 2035. […]
Dataminr Raises $85 Million for AI-Powered Information Platform
Real-time event and risk detection firm Dataminr has raised $85 million from NightDragon and HSBC to accelerate AI development.
The post Dataminr Raises $85 Million for AI-Powered Information Platform appeared first on SecurityWeek.