Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. […]
Polish Space Agency Hit by Cyberattack
The Polish space agency POLSA says it has disconnected its network from the internet to contain a cyberattack.
The post Polish Space Agency Hit by Cyberattack appeared first on SecurityWeek.
Jamf to Acquire Identity Automation for $215 Million
Apple device management firm Jamf has entered into an agreement to acquire IAM platform Identity Automation.
The post Jamf to Acquire Identity Automation for $215 Million appeared first on SecurityWeek.
Vulnerabilities Patched in Qualcomm, Mediatek Chipsets
Chip makers Qualcomm and Mediatek have released patches for many vulnerabilities across their products.
The post Vulnerabilities Patched in Qualcomm, Mediatek Chipsets appeared first on SecurityWeek.
Broadcom Patches 3 VMware Zero-Days Exploited in the Wild
Broadcom patched VMware zero-days CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 after Microsoft warned it of exploitation.
The post Broadcom Patches 3 VMware Zero-Days Exploited in the Wild appeared first on SecurityWeek.
Google Patches Pair of Exploited Vulnerabilities in Android
Android’s March 2025 security update addresses over 40 vulnerabilities, including two actively exploited in the wild.
The post Google Patches Pair of Exploited Vulnerabilities in Android appeared first on SecurityWeek.
Google fixes Android zero-day exploited by Serbian authorities
Google has released patches for 43 vulnerabilities in Android’s March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices. […]
How New AI Agents Will Transform Credential Stuffing Attacks
Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers.
Stolen credentials: The cyber criminal’s weapon of choice
Stolen credentials: The cyber criminal’s weapon of choice
Exploitation Long Known for Most of CISA’s Latest KEV Additions
Exploitation has been known for months or years for most of the latest vulnerabilities added by CISA to its KEV catalog.
The post Exploitation Long Known for Most of CISA’s Latest KEV Additions appeared first on SecurityWeek.
Suspected Iranian Hackers Used Compromised Indian Firm’s Email to Target U.A.E. Aviation Sector
Threat hunters are calling attention to a new highly-targeted phishing campaign that singled out “fewer than five” entities in the United Arab Emirates (U.A.E.) to deliver a previously undocumented Golang backdoor dubbed Sosano.
The malicious activity was specifically directed against aviation and satellite communications organizations, according to Proofpoint, which detected it in late October
The malicious activity was specifically directed against aviation and satellite communications organizations, according to Proofpoint, which detected it in late October