Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. […]
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks.
“Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today.
Targets of the campaign
“Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today.
Targets of the campaign
New Intel CPU flaws leak sensitive data from privileged memory
A new “Branch Privilege Injection” flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel. […]
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets.
The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first
The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first
Microsoft will update Office apps on Windows 10 until 2028
Microsoft has backtracked on its plan to end support for Office apps on Windows 10 later this year and announced that it will continue providing security updates for three more years, until 2028. […]
Increase Red Team Operations 10X with Adversarial Exposure Validation
Red teams uncover what others miss — but they can’t be everywhere, all the time. Adversarial Exposure Validation combines BAS + Automated Pentesting to extend red team impact, uncover real attack paths, and validate defenses continuously. Learn more from Picus Security on how AEV can help protect your network. […]
M&S says customer data stolen in cyberattack, forces password resets
Marks and Spencer (M&S) confirms that customer data was stolen in a cyberattack last month, when ransomware was used to encrypt servers. […]
Sharing Intelligence Beyond CTI Teams, Across Wider Functions and Departments
CTI, digital brand protection and other cyber risk initiatives shouldn’t only be utilized by security and cyber teams.
The post Sharing Intelligence Beyond CTI Teams, Across Wider Functions and Departments appeared first on SecurityWeek.
SAP Patches Another Critical NetWeaver Vulnerability
SAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability.
The post SAP Patches Another Critical NetWeaver Vulnerability appeared first on SecurityWeek.
Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023
The Radware Cloud WAF product vulnerabilities disclosed by CERT/CC were addressed two years ago.
The post Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023 appeared first on SecurityWeek.