Vulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot.
The post Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices appeared first on SecurityWeek.
Operation Secure disrupts global infostealer malware operations
An international law enforcement action codenamed “Operation Secure” targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns. […]
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Threat intelligence firm GreyNoise has warned of a “coordinated brute-force activity” targeting Apache Tomcat Manager interfaces.
The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to “identify and access exposed Tomcat services at scale.”
To that end, 295 unique IP addresses have been found to be engaged
The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to “identify and access exposed Tomcat services at scale.”
To that end, 295 unique IP addresses have been found to be engaged
Webinar Today: Rethinking Endpoint Hardening for Today’s Attack Landscape
Learn how attackers hide in plain sight—and what you can do to stop them without slowing down your business.
The post Webinar Today: Rethinking Endpoint Hardening for Today’s Attack Landscape appeared first on SecurityWeek.
Microsoft fixes unreachable Windows Server domain controllers
Microsoft has resolved a known issue that caused some Windows Server 2025 domain controllers to become unreachable after a restart and triggered app or service failures. […]
Fortinet, Ivanti Patch High-Severity Vulnerabilities
Patches released by Fortinet and Ivanti resolve over a dozen vulnerabilities, including high-severity flaws leading to code execution, credential leaks.
The post Fortinet, Ivanti Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
Microsoft fixes Windows Server auth issues caused by April updates
Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates. […]
40,000 Unprotected Security Cameras Found on Internet
Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
The post 40,000 Unprotected Security Cameras Found on Internet appeared first on SecurityWeek.
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years
Investigators leveraged a vulnerability dubbed DanaBleed to obtain insights into the internal operations of the DanaBot botnet.
The post Recently Disrupted DanaBot Leaked Valuable Data for 3 Years appeared first on SecurityWeek.
Cyera Raises $540 Million to Expand AI-Powered Data Security Platform
Series E funding round brings Cyera’s total funding to over $1.3 billion and values the data security firm at $6 billion.
The post Cyera Raises $540 Million to Expand AI-Powered Data Security Platform appeared first on SecurityWeek.