New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after almost 1,000 concert tickets and reselling them online. […]
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named “set-utils” has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. […]
Microsoft 365 apps will prompt users to back up files in OneDrive
Starting mid-March 2025, Microsoft will start prompting users of its Microsoft 365 apps for Windows to back up their files to OneDrive. […]
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. […]
Free vCISO Course: Turning MSPs and MSSPs into Cybersecurity Powerhouses
The vCISO Academy is a free learning platform to equip service providers with training needed to build and expand their vCISO offerings. Learn more from Cynomi on how the Academy helps you launch or expand your vCISO services. […]
Malicious Chrome extensions can spoof password managers in new attack
A newly devised “polymorphic” attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. […]
Federal Contractor Cybersecurity Bill Passes House
The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP).
The post Federal Contractor Cybersecurity Bill Passes House appeared first on SecurityWeek.
Nigerian Accused of Hacking Tax Preparation Firms Extradited to US
Matthew Akande was extradited to the US to face charges for his role in hacking into Massachusetts tax preparation firms’ networks.
The post Nigerian Accused of Hacking Tax Preparation Firms Extradited to US appeared first on SecurityWeek.
Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation
A group of financial organizations is asking CISA to rescind and reissue its proposed implementation of CIRCIA.
The post Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation appeared first on SecurityWeek.
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution.
“Prototype pollution in Kibana leads to
The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been described as a case of prototype pollution.
“Prototype pollution in Kibana leads to