Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217… Read More »Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a… Read More »UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany.… Read More »PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. “By exploiting this flaw, attackers can gain unauthorized… Read More »OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking
Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged… Read More »AI SOC Analysts: Propelling SecOps into the future
The Council of the European Union has sanctioned three individuals for allegedly carrying out “malicious cyber activities” against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and… Read More »E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST… Read More »How Long Does It Take Hackers to Crack Modern Hashing Algorithms?
Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and… Read More »Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations
DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it’s restricting registrations on the service, citing malicious attacks. “Due to… Read More »Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks
Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as… Read More »Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More