cybersecurity news – Threat Note

From Cybercrime Magazine – Passkeys: A More Secure Future.

Why Passkeys Are the Future of Online Security: Moving Beyond Vulnerable Passwords –Alfred Bonilla, Vice President, Modern Access, Mastercard San Jose, Calif. – Apr. 9, 2025 At this point, we’ve…

shaikh Saqib April 9, 2025

News

From Dark Reading – Using Post-Quantum Planning to Improve Security Hygiene

With careful planning, the transition to post-quantum cryptography can significantly improve security and risk management for the present and future. Read More

shaikh Saqib April 9, 2025

News

From Cyber Security News – Shopware Security Plugin Exposes Systems to SQL Injection Attacks

A plugin designed to patch security vulnerabilities in older versions of Shopware has itself been found vulnerable to SQL injection attacks. The flaw, discovered in Shopware Security Plugin 6 version…

shaikh Saqib April 9, 2025

News

From Cyber Security News – Attackers Exploits SourceForge Software Hosting Platform to Deliver Malware

Cybercriminals have devised a sophisticated scheme exploiting SourceForge, a popular software hosting platform, to distribute malicious software disguised as legitimate office applications. The attack leverages the platform’s feature that automatically…

shaikh Saqib April 9, 2025

News

From Cybercrime Magazine – Investigative Journalist Deep Dives Into The Bybit Hack

This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the podcast Sausalito, Calif. – Apr. 9, 2025 Major media outlets globally reported Feb. 21, 2025 that a $1.5…

shaikh Saqib April 9, 2025

News

From Security Week – Qevlar AI Raises $10 Million for Autonomous Investigation Platform

[[{"value":"French cybersecurity startup Qevlar AI has raised $10 million in a funding round led by EQT Ventures and Forgepoint Capital International. The post Qevlar AI Raises $10 Million for Autonomous…

shaikh Saqib April 9, 2025

News

From Cyber Security News – Windows Kerberos Vulnerability Let Attackers Bypass Security Feature & Access Credentials

Microsoft has released a patch for a critical Windows Kerberos vulnerability (CVE-2025-29809) that allows attackers to bypass security features and potentially access sensitive authentication credentials. The flaw, addressed in the…

shaikh Saqib April 9, 2025

News

From Cyber Security News – CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The flaw in the Windows Common Log File…

shaikh Saqib April 9, 2025

News

From Cyber Security News – New GIFTEDCROOK Stealer Attacking Government Orgs To Steal Sensitive Data

Ukrainian government organizations are facing a sophisticated new cyber threat as threat actors deploy the recently discovered GIFTEDCROOK stealer malware to harvest sensitive data. Since February 2025, security researchers have…

shaikh Saqib April 9, 2025

News

From Security Week – Treasury’s OCC Says Hackers Had Access to 150,000 Emails

[[{"value":"The Office of the Comptroller of the Currency (OCC) has disclosed an email security incident in which 100 accounts were compromised for over a year. The post Treasury’s OCC Says…

shaikh Saqib April 9, 2025

News

From The Hacker News – New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner

A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device," Kaspersky said in an

shaikh Saqib April 9, 2025

News

From Security Week – CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days

[[{"value":"CISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog. The post CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days appeared first on SecurityWeek."}]] Read…

shaikh Saqib April 9, 2025

News

From Security Week – Vulnerabilities Patched by Ivanti, VMware, Zoom

[[{"value":"Ivanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday. The post Vulnerabilities Patched by Ivanti, VMware, Zoom appeared first on SecurityWeek."}]] Read…

shaikh Saqib April 9, 2025

News

From Security Week – Fortinet Patches Critical FortiSwitch Vulnerability

[[{"value":"Fortinet fixes a critical-severity bug in FortiSwitch that could allow an attacker to modify administrative passwords. The post Fortinet Patches Critical FortiSwitch Vulnerability appeared first on SecurityWeek."}]] Read More

shaikh Saqib April 9, 2025

News

From The Hacker News – Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots

GitGuardian's State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as they continue to be deployed, creating an

shaikh Saqib April 9, 2025