A SQL injection vulnerability (CVE-2025-9339) has been found in SIMPLE.ERP software.
Wojeski & Company suffered a ransomware attack, and then an insider breach when an employee of a firm hired to investigate the breach inappropriately accessed data. Employees were also...
Japanese retailer halts online orders after attack cripples third-party vendor. Japanese retailer Muji is suspending online orders after logistics partner Askul was knocked offline by a ransomware attack.…
The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start...
Scouting America (formerly known as Boy Scouts) has a new badge in cybersecurity. There’s an image in the article; it looks good. I want one.
Over on Risky Biz News, Catalin Cimpanu has a great write-up about how a Romanian prisoner hacked the country’s prison management platform. He writes: The incident took place in August and...
Juan F. Luis Hospital CEO Darlene A. Baptiste says no personal data was stolen in the April cyberattack that forced the hospital offline for months, causing major billing delays, financial losses,...
CISA adds high-severity flaw to KEV list, urges swift updating. Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited –...
Gateways can do more than route traffic; they can also strengthen your entire security posture. Learn how NordLayer combines ZTNA, firewalls, and private gateways to secure hybrid teams and keep...
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here's how to strengthen your defenses.
Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.
A flaw rooted in the Server Message Block (SMB) protocol of Windows enables attackers to escalate privileges to SYSTEM level on vulnerable Windows devices, potentially granting full control over...
Security pros explore whether infection-spoofing code can immunize Windows systems against attack. Feature: What's better, prevention or cure? For a long time the global cybersecurity industry has...
Microsoft has fixed a major bug preventing Microsoft 365 users from launching the classic Outlook email client on Windows systems.
Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike.
Zero trust is the best kind of trust when it comes to securing your organization, says Zscaler. Partner Content: Many organizations across Europe have taken steps to implement Zero Trust principles,...
Calendar cock-up exposed recipients' details. Anti-fraud nonprofit Cifas was left red-faced after sending out a calendar invite that exposed the email addresses of dozens of individuals working...
Microsoft has released an emergency update to fix the Windows Recovery Environment (WinRE), which became unusable on systems with USB mice and keyboards after installing the October 2025 security...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently...
Attackers obtain remote code execution through abuse of SQL-server environments (exploitation, SQL injection, or credential compromise) and attempt to install web shells. When detection (e.g.,...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five CVEs to its Known Exploited Vulnerabilities (KEV) catalog today, including Microsoft, Apple and Oracle vulnerabilities....
In just seven minutes, the thieves took off with crown jewels containing thousands of diamonds along with other precious gems.
It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The...
ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks...
The NSA did not confirm or deny the allegations made by China’s Ministry of State Security. China said the origins of the attack date back to March 2022.
The DNS0.EU non-profit public DNS service focused on European users announced its immediate shutdown due to time and resource constraints.
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The...
Joseph Cox reports: A hacking group that recently doxed hundreds of government officials, including from the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE),...
Kim Zetter reports: The investigation into former national security advisor John Bolton’s handling of classified material stemmed in part from an admission Bolton made to the FBI in July 2021 that...
Microsoft has confirmed that this month's security updates disable USB mice and keyboards in the Windows Recovery Environment (WinRE), making it unusable.