Vulnerability ManagementGoogle Chrome data leakage bug confirmed as actively exploitedLaura FrenchMay 16, 2025Insufficient policy enforcement could lead to data disclosure when loading malicious resources.
Email securitySednit group’s ‘Operation RoundPress’ targets webmail servers globallySteve ZurierMay 16, 2025While most of the victims are based overseas, security pros say it’s plausible the group will also target North America.
IdentityGovernment contractors scrambling to meet heightened CMMC requirementsShaun NicholsMay 15, 2025The rollout of new rules around the Cybersecurity Maturity Model Certification by the U.S. Department of Defense is pushing government contractors to upgrade their internal security practices and protections
Application securityGoogle Calendar used as middleman for stealthy NPM malwareLaura FrenchMay 15, 2025The malicious package also uses Unicode steganography to evade detection.
RansomwareRansomware group sets sights on US retailers after hitting UK merchantsSteve ZurierMay 15, 2025Google suspects Scattered Spider targeted UK retailers Marks & Spencer, the Co-op and Harrods.
AI/MLAgentic AI used by threat actors to turbocharge cyberattacksShaun NicholsMay 14, 2025Palo Alto Networks researchers spot instances where threat actors are using AI platforms.
Vulnerability ManagementEuropean Vulnerability Database debuts amid CVE shakeupLaura FrenchMay 14, 2025The EUVD, maintained by ENISA, compiles information from the CVE program, CSIRTs and vendors.
Vulnerability ManagementSAP NetWeaver flaw exploited by ransomware groups BianLian, RansomEXXSteve ZurierMay 14, 2025A second zero-day flaw was found in addition to exploitation of Netweaver by ransomware groups.
IdentityTycoon 2FA phishing kit update timeline reveals new evasion techniquesLaura FrenchMay 13, 2025Browser fingerprinting and additional payload encryption are the most recent methods used.
Network SecurityMicrosoft fixes 75 vulnerabilities, 11 critical, in May Patch TuesdayShaun NicholsMay 13, 2025Patches include five vulnerabilities actively targeted in the wild, as well as two others with public exploit code available.
Microsoft needs to get serious about secure software, or we’ll find a new IT partner Roger CresseyMay 15, 2025
The recent ransomware attacks on UK retailers all targeted gaps in identity Rob AinscoughMay 14, 2025