Description: Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...]
April 25th, 2025 (about 2 months ago)
|
Description: Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network. [...]
April 25th, 2025 (about 2 months ago)
|
Description: Check out highlights from this year’s Verizon DBIR, including a surge in zero-day exploits targeting edge devices and VPNs. Plus, find out what’s new in the latest version of MITRE ATT&CK. Also, see what Tenable webinar attendees said about AI security. And get the latest on ransomware preparedness for OT systems and on the FBI’s 2024 cyber crime report. Dive into five things that are top of mind for the week ending April 25.
1 - Verizon DBIR: To break in, hackers favor credentials and vulnerabilities
As your organization fine-tunes its cyber defenses, here’s an unsurprising yet highly relevant fact: The two most common avenues for cyberattackers to hack into victims’ networks are compromised credentials and exploited vulnerabilities. That’s according to Verizon’s “2025 Data Breach Investigations Report” (DBIR), which was published this week. The report is based on an analysis of 22,000 real-world security incidents — including about 12,200 confirmed breaches — that occurred globally between Nov. 1, 2023 and Oct. 31, 2024. "The DBIR's findings underscore the importance of a multi-layered defense strategy," Chris Novak, VP of Global Cybersecurity Solutions at Verizon Business, said in a statement. "Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees," he added. Cyber attackers used credential abuse as their initial access vector in 22% of breac...
April 25th, 2025 (about 2 months ago)
|
Description: The FBI has asked the public for information on Chinese Salt Typhoon hackers behind widespread breaches of telecommunications providers in the United States and worldwide. [...]
April 25th, 2025 (about 2 months ago)
|
Description: Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions.
The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below -
CVE-2025-27610 (CVSS score: 7.5) - A path traversal
CVSS: HIGH (7.5)
April 25th, 2025 (about 2 months ago)
|
Description: In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea. [...]
April 24th, 2025 (about 2 months ago)
|
Description: A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients. [...]
April 24th, 2025 (about 2 months ago)
|
Description: A targeted campaign by the North Korean Lazarus Group, dubbed Operation SyncHole, used a combination of watering hole tactics and software exploits to compromise at least six South Korean organizations between November 2024 and February 2025. These were companies engaged in the fields of software, semiconductor manufacturing, IT, finance, and telecommunications. The campaign exploited vulnerabilities …
The post Lazarus Group Breached Semiconductor and Software Firms in South Korea appeared first on CyberInsider.
April 24th, 2025 (about 2 months ago)
|
Description: Yale New Haven Health (YNHHS) is warning that threat actors stole the personal data of 5.5 million patients in a cyberattack earlier this month. [...]
April 24th, 2025 (about 2 months ago)
|