The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks. […]
Max severity Cisco ISE bug allows pre-auth command execution, patch now
A critical vulnerability (CVE-2025-20337) in Cisco’s Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. […]
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys.
The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution.
“The attacker leverages
The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution.
“The attacker leverages
Empirical Security Raises $12 Million for AI-Driven Vulnerability Management
Cybersecurity startup Empirical Security has raised $12 million in seed funding for its vulnerability management platform.
The post Empirical Security Raises $12 Million for AI-Driven Vulnerability Management appeared first on SecurityWeek.
Armenian Man Extradited to US Over Ryuk Ransomware Attacks
Karen Serobovich Vardanyan pleaded not guilty to charges related to his alleged role in the Ryuk ransomware operation.
The post Armenian Man Extradited to US Over Ryuk Ransomware Attacks appeared first on SecurityWeek.
Mobile Forensics Tool Used by Chinese Law Enforcement Dissected
Deployed on mobile devices confiscated by Chinese law enforcement, Massistant can collect user information, files, and location.
The post Mobile Forensics Tool Used by Chinese Law Enforcement Dissected appeared first on SecurityWeek.
Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine
An international operation coordinated by Europol has disrupted the infrastructure of a pro-Russian hacktivist group known as NoName057(16) that has been linked to a string of distributed denial-of-service (DDoS) attacks against Ukraine and its allies.
The actions have led to the dismantling of a major part of the group’s central server infrastructure and more than 100 systems across the world.
The actions have led to the dismantling of a major part of the group’s central server infrastructure and more than 100 systems across the world.
CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025
The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementing more proactive, adaptive, and actionable measures that can work together to effectively address the
Trial Opens Against Meta CEO Mark Zuckerberg and Other Leaders Over Facebook Privacy Violations
An $8 billion class action investors’ lawsuit against Meta stemming from the 2018 privacy scandal involving the Cambridge Analytica political consulting firm.
The post Trial Opens Against Meta CEO Mark Zuckerberg and Other Leaders Over Facebook Privacy Violations appeared first on SecurityWeek.
VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched
Four CVEs disclosed at the Pwn2Own Berlin 2025 hacking competition have been patched in VMware products.
The post VMware Flaws That Earned Hackers $340,000 at Pwn2Own Patched appeared first on SecurityWeek.