High-severity vulnerabilities could lead to remote code execution, privilege escalation, information disclosure, and configuration tampering.
The post Fortinet, Ivanti, Nvidia Release Security Updates appeared first on SecurityWeek.
The Time-Saving Guide for Service Providers: Automating vCISO and Compliance Services
Introduction
Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the
Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the
US Offers $10 Million Reward for Ukrainian Ransomware Operator
Volodymyr Tymoshchuk allegedly hit hundreds of organizations with the LockerGoga, MegaCortex, and Nefilim ransomware families.
The post US Offers $10 Million Reward for Ukrainian Ransomware Operator appeared first on SecurityWeek.
Highly Popular NPM Packages Poisoned in New Supply Chain Attack
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.
The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.
Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises
Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN has uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses.
Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at
Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at
ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories
Advisories have also been published by Siemens, Schneider Electric, Phoenix Contact and CISA.
The post ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories appeared first on SecurityWeek.
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts.
The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it’s not aware of
The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it’s not aware of
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and Previously Exploited S/4HANA Flaws
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files.
The vulnerabilities are listed below –
The vulnerabilities are listed below –
CVE-2025-42944 (CVSS score: 10.0) – A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious
U.S. sanctions cyber scammers who stole billions from Americans
The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year. […]
Hackers hide behind Tor in exposed Docker API breaches
A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. […]