May 2025 – Page 44

Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection

Security Service Edge (SSE) platforms have become the go-to architecture for securing hybrid work and SaaS access. They promise centralized enforcement, simplified connectivity, and consistent policy control across users and devices.
But there’s a problem: they stop short of where the most sensitive user activity actually happens—the browser.
This isn’t a small omission. It’s a structural

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States.
The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by

AppSignal Raises $22 Million for Application Monitoring Solution

Application performance monitoring provider AppSignal has raised $22 million in a Series A funding round led by Elsewhere Partners.

The post AppSignal Raises $22 Million for Application Monitoring Solution appeared first on SecurityWeek.

Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day

At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.

The post Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day appeared first on SecurityWeek.

Microsoft: April updates cause Windows Server auth issues

Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers. […]

Second OttoKit Vulnerability Exploited to Hack WordPress Sites

Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges.

The post Second OttoKit Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek.

US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations

The US government warns of threat actors targeting ICS/SCADA systems at oil and natural gas organizations.

The post US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations appeared first on SecurityWeek.

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan.
The package in question is discordpydebug, which was uploaded to PyPI on March 21, 2022. It has been downloaded 11,574 times and continues to be available on the open-source registry.

41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise

The NATO Cooperative Cyber Defence Centre of Excellence in Estonia is hosting the Locked Shields 2025 cyber defense exercise.

The post 41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise appeared first on SecurityWeek.

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

A federal jury on Tuesday decided that NSO Group must pay Meta-owned WhatsApp WhatsApp approximately $168 million in monetary damages, more than four months after a federal judge ruled that the Israeli company violated U.S. laws by exploiting WhatsApp servers to deploy Pegasus spyware, targeting over 1,400 individuals globally.
WhatsApp originally filed the lawsuit against NSO Group in 2019,

Month: May 2025