Blog – Page 170 – Cyber Mike

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild.
The vulnerabilities in question are as follows –

CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting

Aura confirms data breach exposing 900,000 marketing contacts

Identity protection company Aura has confirmed that an authorized party gained access to nearly 900,000 customer records containing names and email addresses. […]

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). […]

The Collapse of Predictive Security in the Age of Machine-Speed Attacks

With exploitation of vulnerabilities taking just days, preemptive security must be the new model for defenders.

The post The Collapse of Predictive Security in the Age of Machine-Speed Attacks appeared first on SecurityWeek.

ConnectWise patches new flaw allowing ScreenConnect hijacking

ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. […]

Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation

The company has developed an AI-powered platform that autonomously discovers and validates software vulnerabilities.

The post Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation appeared first on SecurityWeek.

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People’s Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses and generate illicit revenue for the regime to fund its weapons of mass destruction (WMD) programs.
“The North Korean

Ransomware gang exploits Cisco flaw in zero-day attacks since January

The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco’s Secure Firewall Management Center (FMC) software in zero-day attacks since late January. […]

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software.
The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to

Cloud Security Startup Native Exits Stealth With $42 Million in Funding

Phil Venables, former CISO of Google Cloud and now a venture partner at Ballistic Ventures, has joined Native’s board of directors.

The post Cloud Security Startup Native Exits Stealth With $42 Million in Funding appeared first on SecurityWeek.

Cyber News