Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. […]
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. […]
ThreatMate Raises $3.2 Million for Attack Surface Management Platform
ThreatMate has raised $3.2 million in seed funding for its AI-powered attack surface management solution for MSPs.
The post ThreatMate Raises $3.2 Million for Attack Surface Management Platform appeared first on SecurityWeek.
US health system notifies 882,000 patients of August 2023 breach
Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. […]
Cloudflare outage caused by botched blocking of phishing URL
A routine attempt to block a phishing URL in Cloudflare’s R2 object storage platform backfired yesterday, triggering a widespread outage yesterday that brought down multiple services for nearly an hour. […]
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
A new audit of DeepSeek’s mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.
The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and
The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and
Microsoft shares workaround for Windows security update issues
Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems. […]
In Other News: Cybersecurity Salaries, NanoLock Collapse, NSO Transparency Report
Noteworthy stories that might have slipped under the radar: NanoLock Security ceases operations, NSO publishes transparency report, cybersecurity salaries data.
The post In Other News: Cybersecurity Salaries, NanoLock Collapse, NSO Transparency Report appeared first on SecurityWeek.
Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System
Hospital Sisters Health System says the personal information of 883,000 individuals was compromised in a 2023 crippling cyberattack.
The post Information of 883,000 Stolen in Crippling Attack on Hospital Sisters Health System appeared first on SecurityWeek.
CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.
“This could
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.
“This could