Microsoft Defender
Microsoft Defender Insufficient Granularity of Access Control Vulnerability — Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate pr
Latest Disclosures
22 BRIDGE:BREAK Flaws Expose 20,000
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged
French govt agency
France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data. [...]
Actively exploited Apache ActiveMQ flaw
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. [...]
No Exploit Needed
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still ha
Ransomware negotiator caught secretly assisting
Angelo Martino pleaded guilty to helping BlackCat ransomware group while acting as a ransomware negotiator. Another U.S. cybersecurity expert, Angelo Martino, admitted helping the BlackCat ransomware group while working
Hackers exploit Vercel’s trust in
Frontend cloud platform Vercel, the creator of Next.js and Turbo.js, has warned about a data breach after a compromised third-party AI application abused OAuth to access its internal systems. A Vercel employee used th
France’s ANTS ID System website
A cyberattack hit France’s ANTS website, possibly exposing personal data from users applying for IDs, passports, and driver’s licenses. A cyberattack targeted France’s ANTS platform, which handles applications for passpo
PaperCut NG/MF
PaperCut NG/MF Improper Authentication Vulnerability — PaperCut NG/MF contains an improper authentication vulnerability that could allow remote attackers to bypass authentication on affected installations via the Securit
Synacor Zimbra Collaboration Suite (ZCS)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScr
Third-party AI hack triggers Vercel
Vercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data. Vercel reported a security breach caused by the compromise of
Breach at BE PRIME cybersecurity company
Alberto Payo reports: A cybersecurity company based in Mexico, BePrime, was reportedly the victim of a cyberattack that allegedly resulted in the leak of 12.6 GB of data and access to network infrastructure and video sur
Vercel Employee's AI Tool Access
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher noted.
Cisco Catalyst SD-WAN Manager
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability — Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability
JetBrains TeamCity
JetBrains TeamCity Relative Path Traversal Vulnerability — JetBrains TeamCity contains a relative path traversal vulnerability that could allow limited admin actions to be performed.
Scattered Spider member Tyler Buchanan
Tyler Buchanan, linked to Scattered Spider, pleaded guilty in the US to hacking companies and stealing millions in cryptocurrency. Tyler Buchanan, a 24-year-old from Scotland linked to the Scattered Spider group, admitte
Seiko USA website defaced as
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. [...]
Next.js Creator Vercel Hacked
Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million. The post Next.js Creator Vercel Hacked appeared first on SecurityWeek.
Minidoka Memorial Hospital updates Easter
Dysruption Hub reports: Minidoka Memorial Hospital in Rupert, Idaho, said a cyber incident on Easter morning, April 5, limited imaging services and led to some emergency patient transfers, though the hospital and its cli
Cisco Catalyst SD-WAN Manger
Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability — Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface o
Kentico Kentico Xperience
Kentico Xperience Path Traversal Vulnerability — Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relative locations.
Cyberattack at French identity document agency may have
A cyberattack targeting a French government website used to manage identity documents and driver’s licenses may have exposed users’ personal data, the Interior Ministry said.
The Gentlemen ransomware now uses
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. [...]
Cisco Catalyst SD-WAN Manager
Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability — Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local