May 2025 – Page 15

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region.
The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a

Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People

Marlboro-Chesterfield Pathology has been targeted by the SafePay ransomware group, which stole personal information from its systems.

The post Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People appeared first on SecurityWeek.

Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program

It’s not enough to be secure. In today’s legal climate, you need to prove it.
Whether you’re protecting a small company or managing compliance across a global enterprise, one thing is clear: cybersecurity can no longer be left to guesswork, vague frameworks, or best-effort intentions.
Regulators and courts are now holding organizations accountable for how “reasonable” their security programs are

Marks & Spencer Expects Ransomware Attack to Cost $400 Million

UK retailer Marks & Spencer expects the disruptions caused by the recent cyberattack to continue through July.

The post Marks & Spencer Expects Ransomware Attack to Cost $400 Million appeared first on SecurityWeek.

Signal now blocks Microsoft Recall screenshots on Windows 11

Signal has updated its Windows app to protect users’ privacy by blocking Microsoft’s AI-powered Recall feature from taking screenshots of their conversations. […]

Identity Security Has an Automation Problem—And It’s Bigger Than You Think

For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people—not systems—to function. In fact, fewer than 4% of security teams have fully automated their core identity workflows.
Core workflows, like

Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough

Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.

The post Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough appeared first on SecurityWeek.

Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE

Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. […]

Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities

Cisco published 10 security advisories detailing over a dozen vulnerabilities, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center.

The post Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities appeared first on SecurityWeek.

FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections

A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma (aka LummaC or LummaC2), seizing 2,300 domains that acted as the command-and-control (C2) backbone to commandeer infected Windows systems.
“Malware like LummaC2 is deployed to steal

Month: May 2025