NEWS

Vulnerability Management

Google Chrome data leakage bug confirmed as actively exploited

Laura FrenchMay 16, 2025

Insufficient policy enforcement could lead to data disclosure when loading malicious resources.

Email security

Sednit group’s ‘Operation RoundPress’ targets webmail servers globally

Steve ZurierMay 16, 2025

While most of the victims are based overseas, security pros say it’s plausible the group will also target North America.

Identity

Government contractors scrambling to meet heightened CMMC requirements

Shaun NicholsMay 15, 2025

The rollout of new rules around the Cybersecurity Maturity Model Certification by the U.S. Department of Defense is pushing government contractors to upgrade their internal security practices and protections

Application security

Google Calendar used as middleman for stealthy NPM malware

Laura FrenchMay 15, 2025

The malicious package also uses Unicode steganography to evade detection.

A stock illustration that represents the concept of e-commerce phishing in pastel orange and cobalt blue, incorporating fake shopping carts and conceptual metaphors of stolen data and false security for an engaging and intuitive understanding of the concept. Utilize soft gradients and layered shadows to create a hint of spatial complexity and priority. --ar 16:9 --v 6.1 Job ID: b12556c8-93ea-4d94-91b3-9ca3f4a58a7b

Ransomware

Ransomware group sets sights on US retailers after hitting UK merchants

Steve ZurierMay 15, 2025

Google suspects Scattered Spider targeted UK retailers Marks & Spencer, the Co-op and Harrods.

Data Poisoning is when someone intentionally messes with data to make it unreliable or incorrect. This can be done to cause harm or damage.

AI/ML

Agentic AI used by threat actors to turbocharge cyberattacks

Shaun NicholsMay 14, 2025

Palo Alto Networks researchers spot instances where threat actors are using AI platforms.

Vulnerability Management

European Vulnerability Database debuts amid CVE shakeup

Laura FrenchMay 14, 2025

The EUVD, maintained by ENISA, compiles information from the CVE program, CSIRTs and vendors.

SAP is a German based multinational software corporation

Vulnerability Management

SAP NetWeaver flaw exploited by ransomware groups BianLian, RansomEXX

Steve ZurierMay 14, 2025

A second zero-day flaw was found in addition to exploitation of Netweaver by ransomware groups.

Identity

Tycoon 2FA phishing kit update timeline reveals new evasion techniques

Laura FrenchMay 13, 2025

Browser fingerprinting and additional payload encryption are the most recent methods used.

patch presented in the form of binary code

Network Security

Microsoft fixes 75 vulnerabilities, 11 critical, in May Patch Tuesday

Shaun NicholsMay 13, 2025

Patches include five vulnerabilities actively targeted in the wild, as well as two others with public exploit code available.

NEWS

Google Chrome data leakage bug confirmed as actively exploited

Sednit group’s ‘Operation RoundPress’ targets webmail servers globally

Government contractors scrambling to meet heightened CMMC requirements

Google Calendar used as middleman for stealthy NPM malware

Ransomware group sets sights on US retailers after hitting UK merchants

Agentic AI used by threat actors to turbocharge cyberattacks

European Vulnerability Database debuts amid CVE shakeup

SAP NetWeaver flaw exploited by ransomware groups BianLian, RansomEXX

Tycoon 2FA phishing kit update timeline reveals new evasion techniques

Microsoft fixes 75 vulnerabilities, 11 critical, in May Patch Tuesday

Upcoming Webcasts

Breaking the Chain: How to Disrupt Cybercrime’s Use of Stolen Data

Cyber Resilience IS the Strategy: Why Business and Security Must Align Now

Breaking the silos: A unified approach to vulnerability management

Cloud Detection and Response (CDR): Essential strategies and solutions

Rewriting the AppSec Playbook: Ditch the Vulnerability Backlog, Defend What Matters

Perspectives

The US needs a more offensive approach to security

Why vulnerability scanning and patching alone no longer work

Microsoft needs to get serious about secure software, or we’ll find a new IT partner

Cybersecurity News Articles | SC Media

NEWS

Google Chrome data leakage bug confirmed as actively exploited

Sednit group’s ‘Operation RoundPress’ targets webmail servers globally

Government contractors scrambling to meet heightened CMMC requirements

Google Calendar used as middleman for stealthy NPM malware

Ransomware group sets sights on US retailers after hitting UK merchants

Agentic AI used by threat actors to turbocharge cyberattacks

European Vulnerability Database debuts amid CVE shakeup

SAP NetWeaver flaw exploited by ransomware groups BianLian, RansomEXX

Tycoon 2FA phishing kit update timeline reveals new evasion techniques

Microsoft fixes 75 vulnerabilities, 11 critical, in May Patch Tuesday

Upcoming Webcasts

Breaking the Chain: How to Disrupt Cybercrime’s Use of Stolen Data

Cyber Resilience IS the Strategy: Why Business and Security Must Align Now

Breaking the silos: A unified approach to vulnerability management

Cloud Detection and Response (CDR): Essential strategies and solutions

Rewriting the AppSec Playbook: Ditch the Vulnerability Backlog, Defend What Matters

Perspectives

The US needs a more offensive approach to security

Why vulnerability scanning and patching alone no longer work

Microsoft needs to get serious about secure software, or we’ll find a new IT partner