Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial intelligence has emerged as a go-to solution, the term “AI” often blurs crucial distinctions. Not all AI is built equal, especially in the SOC. Many
Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk
More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers.
The post Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk appeared first on SecurityWeek.
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware.
The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine’s eastern border, the agency said.
The attacks involve distributing phishing emails
The activity is aimed at military formations, law enforcement agencies, and local self-government bodies, particularly those located near Ukraine’s eastern border, the agency said.
The attacks involve distributing phishing emails
Android Update Patches Two Exploited Vulnerabilities
Android’s latest security update resolves two exploited Kernel vulnerabilities, as well as critical-severity bugs.
The post Android Update Patches Two Exploited Vulnerabilities appeared first on SecurityWeek.
Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks
Huntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability.
The post Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks appeared first on SecurityWeek.
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild.
The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has
The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below –
The two high-severity vulnerabilities are listed below –
CVE-2024-53150 (CVSS score: 7.8) – An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure
CVE-2024-53197 (CVSS score: 7.8) – A privilege escalation flaw in the USB sub-component of Kernel
EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research. […]
Microsoft delays WSUS driver sync deprecation indefinitely
Microsoft announced today that, based on customer feedback, it will indefinitely delay removing driver synchronization in Windows Server Update Services (WSUS). […]
PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry
As PCI DSS 4.0.1 comes into force, it shows the power of industry collaboration in cybersecurity.
The post PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry appeared first on SecurityWeek.