April 2025 – Page 5

Product Walkthrough: Securing Microsoft Copilot with Reco

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats – all while keeping productivity high.

Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can generate reports, comb through data, or get instant answers just by asking Copilot.
However,

RSA Conference 2025 – Announcements Summary (Day 1)

Hundreds of companies are showcasing their products and services this week at the 2025 edition of the RSA Conference in San Francisco.

The post RSA Conference 2025 – Announcements Summary (Day 1) appeared first on SecurityWeek.

Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks

More than 400 SAP NetWeaver servers are impacted by CVE-2025-31324, an exploited remote code execution vulnerability.

The post Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks appeared first on SecurityWeek.

Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products

Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023.
Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances.
“Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for

Google: 97 zero-days exploited in 2024, over 50% in spyware attacks

Google’s Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks. […]

CISA Warns of Exploited Broadcom, Commvault Vulnerabilities

CISA urges immediate patching for recently disclosed Broadcom, Commvault, and Qualitia vulnerabilities exploited in the wild.

The post CISA Warns of Exploited Broadcom, Commvault Vulnerabilities appeared first on SecurityWeek.

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance.
The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur

CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerabilities in question are listed below –

CVE-2025-1976 (CVSS score: 8.6) – A code injection flaw

IBM’s $150 Billion US Investment to Boost Quantum Innovation and National Security

IBM will invest more than $30 billion in research and development to advance and continue its American manufacturing of mainframe and quantum computers.

The post IBM’s $150 Billion US Investment to Boost Quantum Innovation and National Security appeared first on SecurityWeek.

Marks & Spencer breach linked to Scattered Spider ransomware attack

Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as “Scattered Spider” BleepingComputer has learned from multiple sources. […]

Month: April 2025