U.S. Govt. Funding for MITRE’s CVE Ends April 16, Cybersecurity Community on Alert

16/04/2025 0 Comments 0 tags

The U.S. government funding for non-profit research giant MITRE to operate and maintain its Common Vulnerabilities and Exposures (CVE) program will expire Wednesday, an unprecedented development that could shake up

Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

15/04/2025 0 Comments 0 tags

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

15/04/2025 0 Comments 0 tags

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

15/04/2025 0 Comments 0 tags

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change.

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

15/04/2025 0 Comments 0 tags

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called

Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

15/04/2025 0 Comments 0 tags

The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer

Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval

15/04/2025 0 Comments 0 tags

Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year

Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability

15/04/2025 0 Comments 0 tags

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

14/04/2025 0 Comments 0 tags

Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed

ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

14/04/2025 0 Comments 0 tags

Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. “The threat actor leverages fear-based lures delivered