The Common Vulnerabilities and Exposures (CVE) Program is one of the most central programs in cybersecurity, so news that MITRE’s contract to run the program was expiring sent shock waves through the cybersecurity community on April 15. But fears for the future of the globally recognized program underpinning show more ...
North Korean hackers sent more than 120,000 phishing emails to nearly 18,000 individuals over a three-month campaign that impersonated South Korea’s Military Counterintelligence Command's communication during the Martial Law turmoil, the National Police Agency said Wednesday. The campaign began in November 2024 show more ...
By Associate Professor Dr. Sheeba Armoogum, University of Mauritius In 2025, the paradigms of human hacking are undergoing a substantial transformation due to the influence of artificial intelligence (AI). While traditional social engineering tactics exploit the psychological vulnerabilities inherent in individuals, show more ...
On April 14, 2025, 4Chan, the infamous anonymous image board, experienced downtime due to unexplained outages that left users frustrated and speculating about the cause. While the exact reason for the downtime remains uncertain, some users have suggested that a cyberattack or hacking incident could be responsible. show more ...
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common show more ...
Trend Micro researchers detailed an emerging ransomware campaign by a new group known as "CrazyHunter" that is targeting critical sectors in Taiwan.
Cybercriminals capitalize on tax preparation stress, technology sprawl, and lax communications. Accounting teams can't afford to treat cybersecurity as an afterthought.
The attacks have been going on since shortly after Microsoft patched the vulnerability in March.
Active Directory is one of the most vulnerable access points in an organization's IT environment. Companies cannot wait for a real attack to pressure-test their AD recovery strategy.
Cloud misconfigurations and cryptography flaws plague some of the top apps used in work environments, exposing organizations to risk and intrusion.
The U.S. National Institute of Standards and Technology (NIST) updated its Privacy Framework to work cohesively with its Cybersecurity Framework and guide organizations to develop stronger postures to handle privacy risks..
Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe.
A fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads.
The MITRE Corporation said on Tuesday that its stewardship of the CVE program may be ending this week because the federal government has decided not to renew its contract with the nonprofit.
Car rental giant Hertz has been notifying state regulators of a data breach that occurred through third-party file sharing software. Tens of thousands of people are affected, but the company hasn't specified a total number.
“The CVE Program is invaluable to the cyber community and a priority of CISA,” a CISA spokesperson said. “We appreciate our partners’ and stakeholders’ patience.”
The digital forensics company known as Meiya Pico won a contract in mid-2023 to build two labs at the Tibet Police College: one on offensive and defensive cyber techniques and the other on electronic evidence collection and analysis.
A U.K. law firm specializing in crime, family fraud, sexual offenses and other sensitive matters has been fined after a hack that led to a data leak on the dark web — something the company only learned about after authorities contacted it.
The Swedish Accident Investigation Authority said it was unable to determine whether the Yi Peng 3 had accidentally or purposefully damaged a submarine cable in the Baltic Sea.
The Cybersecurity and Infrastructure Security Agency on Wednesday said that while the scope of the reported Oracle issue remains unconfirmed, it "presents potential risk to organizations and individuals."
The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up one of the foundational pillars of the global cybersecurity ecosystem. The 25-year-old CVE program is a valuable tool for vulnerability management, offering a de facto standard to
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024. While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to
Google on Wednesday revealed that it suspended over 39.2 million advertiser accounts in 2024, with a majority of them identified and blocked by its systems before it could serve harmful ads to users. In all, the tech giant said it stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted ads on 1.3 billion pages last year. It also suspended over 5 million accounts for
Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Hinman Baron and Piotr Wojtyla said in
Introduction Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected
Cybersecurity researchers have unearthed a new controller component associated with a known backdoor called BPFDoor as part of cyber attacks targeting telecommunications, finance, and retail sectors in South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. "The controller could open a reverse shell," Trend Micro researcher Fernando Mercês said in a technical report published earlier in
Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and
Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named "schtasks.exe," which enables an administrator to create, delete, query, change,
A data breach at insurance firm Lemonade left the details of thousands of drivers' licenses exposed for 17 months. According to the company, on March 14 2025 Lemonade learnt that a vulnerability in its online car insurance application process contained a vulnerability that was likely to have exposed "certain show more ...
Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data
Source: securityaffairs.com – Author: Pierluigi Paganini A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from adults in the EU, after pausing the plan last year over show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and show more ...
Source: securityaffairs.com – Author: Pierluigi Paganini Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in show more ...
Celebrate the accomplishments and impact of the 2023 Society of Women Engineers award recipients. Source Views: 0 La entrada Individuals in Engineering and Technology Recognized for STEM Achievements & Community Contributions se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
We are excited to announce our dates for upcoming events & topics. Source Views: 0 La entrada Women In Government FY24 Calendar of Events se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Discover the exciting new changes to the SWE Awards Program and learn more about its history in this episode of Diverse: a SWE podcast. Source Views: 0 La entrada SWE Diverse Podcast Ep 223: Recognizing Women in STEM: Introducing SWE’s New Awards Program se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
SWE hosted two roundtable discussions in Barcelona on topics affecting women in STEM. Source Views: 0 La entrada Exploring Barriers to Women in STEM with Researchers in Spain se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Get to know your Society of Women Engineers (SWE) network and the exciting journey of one Global Affiliate. Source Views: 0 La entrada Global Affiliate Spotlight: SWE Cambridgeshire in the UK se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
An enthusiastic audience gathered for the installation of the FY24 SWE Board of Directors and Board of Trustees. Source Views: 0 La entrada Installation of the FY24 SWE Board of Directors and Board of Trustees se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
The Women in Government Affinity Group, a vibrant community within the Society of Women Engineers, has been leading the charge in empowering women professionals and promoting these values. Over the past year, the group organized a series of engaging events, ranging from providing guidance for a national conference to show more ...
Learn about Maryam Brown’s career journey in STEM and energy policy on our new episode of Diverse: a SWE podcast! Source Views: 0 La entrada SWE Diverse Podcast Ep 222: A Fireside Chat with SoCalGas President Maryam Brown se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Please enable cookies. Sorry, you have been blocked You are unable to access darkreading.com Why have I been blocked? This website is using a security service to protect itself from online attacks. The action you just performed triggered the show more ...
Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading Please enable cookies. Sorry, you have been blocked You are unable to access darkreading.com Why have I been blocked? This website is using a security service to protect itself from online attacks. The action you just performed show more ...
Source: www.csoonline.com – Author: News Apr 15, 20256 mins CSO and CISOMergers and AcquisitionsSecurity The awkward period after an acquisition closes and before the acquired firm is fully integrated into the acquiring enterprise is now a top cyberthief target, say experts. The period right after an show more ...
Source: www.csoonline.com – Author: News Analysis Apr 15, 20256 mins GovernmentThreat and Vulnerability Management MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program will end April 16 after DHS did not renew its funding contract for reasons unspecified. Experts say ending the program, show more ...
Source: www.csoonline.com – Author: News Apr 15, 20254 mins Healthcare IndustryMalwarePhishing Distributed via phishing emails, the DLL side-loaded malware’s payload is executed only in memory and uses sophisticated detection evasion and anti-analysis techniques. Security researchers have observed a new show more ...
Source: www.csoonline.com – Author: Auch ohne Lösegeldzahlung: Eine Ransomware-Attacke kam die Fourlis Group, die als Franchise-Nehmer IKEA-Filialen in Südosteuropa betreibt, teuer zu stehen. Die Folgen des Ransomware-Angriffs auf den Franchise-Nehmer der IKEA-Filialen in Südosteuropa sind noch immer zu show more ...
Source: www.csoonline.com – Author: Chinese authorities claim US intelligence targeted Microsoft Windows systems and critical infrastructure in a coordinated campaign. China has accused the US of conducting more than 170,000 cyberattacks against the Asian Winter Games held in Harbin this February. Officials show more ...
Source: www.csoonline.com – Author: An optional feature issued with the fix can cause a bug rollback, making a secondary DOS issue possible on top of root-level privilege exploitation. A critical race condition bug affecting the Nvidia Container Toolkit, which received a fix in September, might still be open to show more ...
Source: www.infosecurity-magazine.com – Author: Hertz Corporation has confirmed a data breach that exposed sensitive customer data after attackers exploited a zero-day vulnerability in file transfer software provided by Cleo Communications. The breach affected the Hertz, Thrifty and Dollar brands and occurred show more ...
Source: www.infosecurity-magazine.com – Author: A Chinese cyber espionage tool initially made for intrusion into Linux systems has been used to spy on European organizations via Windows. On April 15, European cybersecurity company NVISO published a report with new findings on BRICKSTORM, a backdoor linked to show more ...
Source: www.infosecurity-magazine.com – Author: A new analysis of over 17,000 enterprise mobile apps has revealed critical security flaws that could put millions of users and companies at risk. According to a new report from Zimperium, Your Apps are Leaking: The Hidden Data Risks on your Phone, these show more ...
Source: www.infosecurity-magazine.com – Author: A surge in the use of scalper bots is causing chaos for driving test applicants in the UK, new research from DataDome has revealed. The fraud prevention specialist claimed that scalpers are using automated programs to book in-demand driving tests when new slots show more ...
Source: www.infosecurity-magazine.com – Author: The cybersecurity community has reacted with shock and bewilderment at a decision by the US government not to renew MITRE’s contract to manage the Common Vulnerabilities and Exposures (CVE) database. The non-profit’s CVE program has for a quarter of a century show more ...
Source: thehackernews.com – Author: . Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The show more ...
