Microsoft announced it will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 applications later this month. […]
Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
Lemonade says the Incident is not material and that its operations were not compromised, nor was its customer data targeted.
The post Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers appeared first on SecurityWeek.
Microsoft: Exchange 2016 and 2019 reach end of support in six months
Microsoft warned that Exchange 2016 and Exchange 2019 will reach the end of support six months from now, on October 14. […]
Kidney Dialysis Services Provider DaVita Hit by Ransomware
DaVita has not named the ransomware group behind the incident or share details on the attacker’s ransom demands.
The post Kidney Dialysis Services Provider DaVita Hit by Ransomware appeared first on SecurityWeek.
Conduent Says Names, Social Security Numbers Stolen in Cyberattack
The business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack.
The post Conduent Says Names, Social Security Numbers Stolen in Cyberattack appeared first on SecurityWeek.
2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
In fresh filings, Landmark Admin and Young Consulting say data breaches back in 2024 impacted more people than initially estimated.
The post 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches appeared first on SecurityWeek.
Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool
The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems.
“Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in with the pool of
“Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in with the pool of
Google adds Android auto-reboot to block forensic data extractions
Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. […]
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence
A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change.
The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.
The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.
Microsoft warns of CPU spikes when typing in classic Outlook
Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client. […]