CISA urges immediate patching for recently disclosed Broadcom, Commvault, and Qualitia vulnerabilities exploited in the wild.
The post CISA Warns of Exploited Broadcom, Commvault Vulnerabilities appeared first on SecurityWeek.
Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool
In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance.
The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur
The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur
CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerabilities in question are listed below –
The vulnerabilities in question are listed below –
CVE-2025-1976 (CVSS score: 8.6) – A code injection flaw
IBM’s $150 Billion US Investment to Boost Quantum Innovation and National Security
IBM will invest more than $30 billion in research and development to advance and continue its American manufacturing of mainframe and quantum computers.
The post IBM’s $150 Billion US Investment to Boost Quantum Innovation and National Security appeared first on SecurityWeek.
Marks & Spencer breach linked to Scattered Spider ransomware attack
Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by a hacking collective known as “Scattered Spider” BleepingComputer has learned from multiple sources. […]
Hitachi Vantara takes servers offline after Akira ransomware attack
Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. […]
VeriSource now says February data breach impacts 4 million people
Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. […]
Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw
Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. […]
Kali Linux warns of update failures after losing repo signing key
Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures. […]
Palo Alto Networks to Acquire AI Security Firm Protect AI
Palo Alto Networks is acquiring AI security company Protect AI in a deal previously estimated at $650-700 million.
The post Palo Alto Networks to Acquire AI Security Firm Protect AI appeared first on SecurityWeek.