Security
Headlines
HeadlinesLatestCVEs

Latest News

Will 2025 See a Rise of NHI Attacks?

The flurry of non-human identity attacks at the end of 2024 demonstrates extremely strong momentum heading into the new year. That does not bode well.

DARKReading
Open in Source
#vulnerability#web#ios#android#mac#microsoft#cisco#git#intel#oauth#auth#jira
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some

7-Zip bug could allow a bypass of a Windows security feature. Update now

A vulnerability in 7-Zip that could allow attackers to bypass the MotW security feature in Windows has been patched.

Trump Pardons Silk Road Founder Ross Ulbricht, Calls Prosecutors ‘Scum’

President Trump pardons Silk Road founder Ross Ulbricht, slamming prosecutors as “scum.” The move reignites debates on cybercrime…

Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks

As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have

President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison

U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending 11 years behind bars. "I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full and

PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack

A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper – a

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable

Mandatory MFA, Biometrics Make Headway in Middle East, Africa

Despite lagging in technology adoption, African and Middle Eastern organizations are catching up, driven by smartphone acceptance and national identity systems.