Network SecurityRooted, jailbroken mobile devices pose security risk to organizationsShaun NicholsMarch 20, 2025One out of every 1,000 devices it encounters have either been rooted (Android) or jailbroken (iOS).
Data SecurityVeeam patches critical 9.9 flaw in backup and replication productSteve ZurierMarch 20, 2025Deserialization vulnerability that could let attackers run a remote code execution (RCE).
Patch/Configuration ManagementFlaw in Windows shortcut abused by at least 11 threat groupsShaun NicholsMarch 19, 2025Attackers are making use of Windows shortcut (.lnk) files to dupe users into running malicious code on their systems.
Threat IntelligenceClearFake exploits Web3 capabilities for malware campaignLaura FrenchMarch 19, 2025The threat actor retrieves resources and payloads from smart contracts on the Binance Smart Chain.
Vulnerability ManagementGitHub Action bug allows supply chain attack; added to CISA listSteve ZurierMarch 19, 2025Affected organizations running repos in GitHub should assume compromise and rotate secrets immediately.
MalwarePhony CAPTCHA checks trick targets to download malwareShaun NicholsMarch 18, 2025Attackers use familiarity of CAPTCHA tests to dupe victims, HP reports.
AI/MLHow AI coding assistants could be compromised via rules fileLaura FrenchMarch 18, 2025Researchers showed how GitHub Copilot and Cursor could be manipulated with hidden Unicode.
Cloud Security$32 billion Google-Wiz deal bodes well for cloud security, experts saySteve ZurierMarch 18, 2025Acquisition promises to blend Google Cloud’s AI depth with stronger cloud security from Wiz.
RansomwareAkira ransomware decryption method uses GPUs to brute force keysLaura FrenchMarch 17, 2025Source code for the decryption method was published by programmer Yohanes Nugroho.
Vulnerability ManagementApache Tomcat flaw actively exploited; could allow ‘devastating’ RCEShaun NicholsMarch 17, 2025Remote code execution may be achieved on vulnerable servers with a single PUT API request.
