Month May 2025

Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool.
"This stems from overly broad OAuth scopes and misleading consent screens that fail to clearly explain the extent of access being granted,

 Cybercriminals leveraged critical vulnerabilities in remote monitoring software to breach a managed service provider and attack multiple customers. Cybersecurity researchers at Sophos have revealed details of a sophisticated attack where threat actors exploited vulnerabilities in SimpleHelp remote monitoring and management…

[[{“value”:”Identity security automation platform Cerby has raised $40 million in Series B funding to scale operations. The post Cerby Raises $40 Million for Identity Automation Platform appeared first on SecurityWeek.”}]] Read More  

 Zscaler Inc. announced on May 27, 2025, a definitive agreement to acquire Red Canary, a leading Managed Detection and Response (MDR) company, in a strategic move to enhance its AI-powered security operations capabilities.  The acquisition combines Zscaler’s Zero Trust Exchange…

[[{“value”:”Mandiant warns that a Vietnamese hacking group tracked as UNC6032 is distributing malware via fake AI video generator websites. The post Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites appeared first on SecurityWeek.”}]] Read More  

Dark Reading is offering its readers the opportunity to tell us how we’re doing via a new survey. Read More  

 A sophisticated cyber campaign has emerged targeting a critical vulnerability in Craft Content Management System, with threat actors successfully deploying cryptocurrency mining malware across compromised servers. The vulnerability, designated CVE-2025-32432, represents a remote code execution flaw that requires no authentication…

 As the digital threat landscape intensifies and new technologies reshape business operations, cybersecurity budgeting in 2025 will be significantly transformed. Organizations worldwide are increasing their security spending and rethinking how to allocate resources most effectively to defend against evolving risks…

 A threat actor has allegedly leaked sensitive data belonging to telecommunications giant AT&T, claiming to possess 31 million customer records totaling 3.1GB of information available in both JSON and CSV formats.  The alleged breach was posted on a prominent dark…

Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot.
Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts.
"Rather than scanning the internet, the malware retrieves a list of targets from a command-and-control (C2) server

The August acquisition will bring together Red Canary’s extensive integration ecosystem with Zscaler’s cloud transaction data to deliver an AI-powered security operations platform. Read More  

[[{“value”:”Security researchers warn that OneDrive’s file sharing tool may grant third-party web apps access to all your files—not just the one you choose to upload. The post OneDrive Gives Web Apps Full Read Access to All Files appeared first on…

[[{“value”:”Google and Mozilla released patches for Chrome and FireFox to address a total of 21 vulnerabilities between the two browsers, including three rated high severity. The post Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.”}]] Read More