Month: May 2025

 A critical security vulnerability discovered in Icinga 2 monitoring systems enables attackers to bypass certificate validation and obtain legitimate certificates for impersonating trusted network nodes.  The flaw, designated CVE-2025-48057 with…

 A sophisticated new malware strain has been discovered operating on Windows systems for weeks without detection, employing an advanced evasion technique that deliberately corrupts its Portable Executable (PE) headers to…

Apex will enhance Tenable's AI Aware tool by mitigating the threats of AI applications and tools not governed by organizations, while enforcing existing security policies. Read More  

The rate of compensation gains has slowed from the COVID years, and budgets remain largely static due to economic fears, but CISOs are increasingly gaining executive status and responsibilities. Read More  

 As digital transformation accelerates and cyber threats grow more sophisticated, Zero Trust Architecture (ZTA) has transitioned from a niche framework to a non-negotiable security standard for enterprises in 2025. With…

The software company, which specializes in remote IT management, said a "sophisticated nation state actor" was behind the attack but provided few details. Read More  

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May 30, 2025 – Read the full story in Cybercrime Magazine To understand the magnitude of the…

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend

[[{"value":"China-linked hackers used a compromised government site to target other government entities with the ToughProgress malware that uses an attacker-controlled Google Calendar for C&C. The post Chinese Hacking Group APT41…

[[{"value":"The roadmap provides an overview of four key stages of the migration process, namely preparation, baseline understanding, planning and execution, and monitoring and evaluation. The post MITRE Publishes Post-Quantum Cryptography…

[[{"value":"The IT software provider says ScreenConnect users were impacted by the attack, which exploited a high-severity ASP.NET vulnerability. The post ConnectWise Discloses Suspected State-Sponsored Hack appeared first on SecurityWeek."}]] Read More  

Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has