Security Affairs

MARCH 26, 2025

Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows. Broadcom released security updates to address a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows.

Authentication 102

Authentication Hacking Technology Information Security 102

Security Affairs

JULY 18, 2025

VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them. Broadcom four vulnerabilities in VMware products demonstrated at Pwn2Own Berlin 2025. Below are the descriptions of the vulnerabilities: CVE-2025-41236 (CVSS score of 9.3)

Hacking 81

Hacking Information Security 81

Security Affairs

FEBRUARY 19, 2025

Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls. Palo Alto Networks warns that threat actors are chaining the vulnerability CVE-2025-0111 with two other vulnerabilities, tracked as CVE-2025-0108 with CVE-2024-9474 , to compromise PAN-OS firewalls.

Firewall 105

Firewall Authentication Architecture Internet 105

Security Affairs

MAY 16, 2025

On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint, ESXi, VirtualBox, RHEL, and Firefox. On day two of Pwn2Own Berlin 2025, bug hunters earned a total of $435,000, which brings the contest total to $695,000, after $260,000 was awarded during the first day of the competition.

Hacking 73

Hacking Information Security 73

Security Affairs

MARCH 12, 2025

Microsoft Patch Tuesday security updates for March 2025 address 56 security vulnerabilities in its products, including six actively exploited zero-days. CVE-2025-24984 (CVSS 4.6): An NTFS information disclosure flaw that lets attackers with physical access and a malicious USB device read portions of heap memory.

DNS 108

DNS Hacking Information Security 108

SecureWorld News

FEBRUARY 26, 2025

On February 21, 2025, the cryptocurrency world was rocked by the largest crypto heist in history. Alberto Farronato, Vice President of Marketing at Oasis Security, said he believes the hack will lead to sweeping changes: "The recent $1.46 billion in crypto assets.

Hacking 94

Hacking Cryptocurrency Cyber threats Malware 94

Security Affairs

MAY 14, 2025

Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flawsacross multiple products, including five zero-day flaws. – CVE-2025-30400 – Microsoft DWM Core Library Elevation of Privilege Vulnerability This recently exploited privilege escalation bug, patched again, allows SYSTEM-level code execution.

Engineering 99

Engineering Ransomware Phishing Hacking 99

Security Affairs

MARCH 10, 2025

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” ” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data.

Hacking 116

Hacking Healthcare Backups Ransomware 116

Krebs on Security

MAY 29, 2025

” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

Scams 244

Scams Internet Internet Cybercrime 244

Security Affairs

JULY 16, 2025

Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components. “Google is aware that an exploit for CVE-2025-6558 exists in the wild.”

Spyware 68

Spyware Engineering Hacking Accountability 68

Penetration Testing

JUNE 23, 2025

CoinTelegraph was hacked on June 22, 2025, with attackers injecting malicious JavaScript to display fake CTG airdrop pop-ups, stealing crypto by draining connected wallets.

Hacking 85

Hacking Scams Cryptocurrency Phishing 85

eSecurity Planet

OCTOBER 18, 2024

EC-Council : The International Council of E-Commerce Consultants, or EC-Council, offers several certifications for different career paths but is best known for its white-hat hacking program. The post Top 9 Trends In Cybersecurity Careers for 2025 appeared first on eSecurity Planet. New to cybersecurity?

Cybersecurity 124

Cybersecurity Artificial Intelligence Penetration Testing CISO 124

Security Affairs

JULY 21, 2025

Microsoft warns of ongoing active exploitation of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770. Microsoft warns of a SharePoint zero-day vulnerability, tracked as CVE-2025-53770 (CVSS score of 9.8), which is under active exploitation. “Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.”

Authentication 71

Authentication Hacking Information Security 71

Security Affairs

JULY 17, 2025

Cisco warns of CVE-2025-20337, a critical ISE flaw (CVSS 10) allowing remote code execution with root privileges. Cisco addressed a critical vulnerability, tracked as CVE-2025-20337 (CVSS score of 10), in Identity Services Engine (ISE) and Cisco Identity Services Engine Passive Identity Connector (ISE-PIC). For devices on Release 3.3

Engineering 69

Engineering Hacking Cybersecurity Information Security 69

Security Affairs

APRIL 15, 2025

Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406 , in Gladinet CentreStack and Triofox software.

Internet 72

Internet Internet Risk Software 72

Security Affairs

JUNE 4, 2025

A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9) Researchers at Positive Technologies announced they have reproduced CVE-2025-49113 in Roundcube. Weve reproduced CVE-2025-49113 in Roundcube. has been discovered in the Roundcube webmail software. he said that details and PoC will be published soon.

Authentication 114

Authentication Risk Hacking Technology 114

Security Affairs

MARCH 7, 2025

Mirai-based botnets are exploiting a zero-day flaw, tracked as CVE-2025-1316, in Edimax IP cameras, to achieve remote command execution. US CISA warns that multiple botnets are exploiting a recently disclosed vulnerability, tracked as CVE-2025-1316 (CVSS score of 9.8), in Edimax IC-7100 IP cameras.

Malware 87

Malware Hacking Information Security 87

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Japan) from fake websites (phishing sites) disguised as websites of real securities companies.”

Financial Services 119

Financial Services Passwords Antivirus Accountability 119

Security Affairs

MARCH 4, 2025

The flaws, respectively tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, impact multiple VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. Below are the descriptions for these vulnerabilities: CVE-2025-22224 (CVSS score of 9.3)

Hacking 113

Hacking Information Security 113

Security Affairs

FEBRUARY 22, 2025

The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M). Bybit is Solvent even if this hack loss is not recovered, all of clients assets are 1 to 1 backed, we can cover the loss. billion to an unidentified address. “Almost $1.5

Cryptocurrency 130

Cryptocurrency Hacking Banking Cybersecurity 130

IT Security Guru

MARCH 14, 2025

If your site ever gets hacked, Sucuri provides help to clean it up. This is useful because recovering from a hack can be difficult without expert support. Since weak passwords are responsible for 81% of hacking-related breaches, this is an important feature.

Cybersecurity 74

Cybersecurity Firewall Cyber Attacks Passwords 74

Security Affairs

MARCH 27, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium Mojo sandbox escape vulnerability, tracked as CVE-2025-2783 , to its Known Exploited Vulnerabilities (KEV) catalog. Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) reported the vulnerability on March 20, 2025.

Hacking 105

Hacking Risk Cybersecurity Information Security 105

SecureList

DECEMBER 16, 2024

Verdict: prediction not fulfilled Our predictions for 2025 Data breaches through contractors When abusing company-contractor relationships (trusted relationship attacks), threat actors first infiltrate a supplier’s systems and then gain access to the target organization’s infrastructure or data.

Marketing 104

Marketing Cryptocurrency Data breaches Malware 104

Security Affairs

MARCH 30, 2025

The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect Secure (ICS) appliances. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Connect Secure Vulnerability CVE-2025-0282 to its Known Exploited Vulnerabilities (KEV) catalog. In January, the U.S. reads the advisory.

Malware 120

Malware Authentication Encryption Hacking 120

Security Affairs

APRIL 8, 2025

WhatsApp addressed a flaw, tracked as CVE-2025-30401, that could allow attackers to trick users and enable remote code execution. WhatsApp released a security update to address a vulnerability, tracked as CVE-2025-30401, that could let attackers trick users and enable remote code execution.

Spyware 115

Spyware Surveillance Hacking Media 115

Security Affairs

MARCH 4, 2025

CVE-2024-53104 was patched in Androids February 2025 update, while CVE-2024-53197 and CVE-2024-50302 (CVSS score of 5.5) The flaws, respectively tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, impact multiple VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.

Mobile 112

Mobile Hacking Cybersecurity Risk 112

Security Affairs

JULY 10, 2025

Researchers found critical PerfektBlue flaws in OpenSynergy BlueSDK, allowing remote code execution to hack millions of vehicles’ systems. These flaws could enable attackers to hack car systems remotely. The exploitation of the flaws potentially allows remote code execution in millions of vehicles.

Hacking 103

Hacking Energy and Utilities Manufacturing Information Security 103

Security Affairs

MARCH 7, 2025

Between January and February 2025, the ransomware gang claimed responsibility for over 40 attacks. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,ransomware) Experts observed a 42% increase in attacks carried out by the group between 2023 and 2024.

Ransomware 62

Ransomware Antivirus Healthcare Encryption 62

Security Affairs

MARCH 26, 2025

Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783 , in Chrome browser for Windows. Kaspersky researchers Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) reported the vulnerability on March 20, 2025. ” reads the advisory published by Google.

Hacking 116

Hacking Information Security 116

Security Affairs

MAY 6, 2025

In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. SAP addressed the flaw with the release of the April 2025 Security Patch Day. Thousands of internet-facing applications are potentially at risk.

VPN 69

VPN Hacking Internet Internet 69

Security Affairs

JULY 13, 2025

Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights after details leaked on June 30. Threat actors are exploiting a critical flaw, tracked as CVE-2025-47812 (CVSS score of 10), in Wing FTP Server that allows remote code execution with root/system privileges.

Authentication 128

Authentication Accountability Hacking Passwords 128

Krebs on Security

DECEMBER 29, 2024

Identified by the Mandiant as one of the most consequential threat actors of 2024, Judische was responsible for a hacking rampage that exposed private information on hundreds of millions of Americans. Look for a story here in early 2025 that will explore the internal operations of these ruthless and ephemeral voice phishing gangs.

Scams 255

Scams Cybercrime Cryptocurrency Social Engineering 255

Security Affairs

JUNE 26, 2025

for a global hacking scheme that stole and sold data, causing millions in damages. for operating as ‘IntelBroker ,’ running a global hacking scheme that stole and sold data, causing millions in damages. The US DoJ unsealed charges against Kai West, who was arrested in France in February 2025.

Cybercrime 89

Cybercrime Hacking Healthcare Accountability 89

Security Affairs

MARCH 18, 2025

CISA confirmed that the flaw CVE-2025-24472 is known to be used in ransomware campaigns. The second flaw added to the catalog is CVE-2025-30066. The CVE-2025-30066 (CVSS score: 8.6) StepSecurity discovered the supply chain attack on March 14, 2025, where attackers modified the tool to leak CI/CD secrets from workflow logs.

Authentication 115

Authentication Ransomware Firewall Hacking 115

Security Affairs

JUNE 14, 2025

Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser. The most severe vulnerability, tracked as CVE-2025-4232 (CVSS score of 7.1), is an authenticated code injection through wildcard on macOS. ” reads the advisory. . ” reads the advisory.

Authentication 106

Authentication Hacking Risk Software 106

Security Affairs

FEBRUARY 3, 2025

The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104 , which is actively exploited in attacks in the wild. ” reads the advisory.

Media 114

Media Authentication Hacking Accountability 114

Security Affairs

APRIL 4, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. Notably, from 2025 onwards, the screenshot functionality shifted to being powered by PowerShell. This activity is tracked under the identifier UAC-0219.

Malware 73

Malware Cyber threats Government Hacking 73