A couple simple steps companies can take to protect their systems from ransomwareStephen WeigandAugust 2, 2021
Network SecurityBroadcom fixes authentication bypass flaw in VMware Tools for WindowsShaun NicholsMarch 27, 2025Access control weakness could potentially allow log-ins without proper authentication in VMware Tools for Windows.
Vulnerability ManagementUnofficial fixes for novel NTLM hash-exposing zero-day issuedSC StaffMarch 26, 2025ACROS Security has released unofficial patches for a novel Windows SCF File NTLM hash disclosure zero-day flaw.
Data SecurityMisconfiguration leaks over 34M Sydney Tools order recordsSC StaffMarch 26, 2025Major Australian trade tool retailer Sydney Tools had more than 34 million online order records and over 5,000 employees' records leaked by an unprotected ClickHouse database, according to Cybernews.
Patch/Configuration ManagementFlaw in Windows shortcut abused by at least 11 threat groupsShaun NicholsMarch 19, 2025Attackers are making use of Windows shortcut (.lnk) files to dupe users into running malicious code on their systems.
Vulnerability ManagementGitHub Action bug allows supply chain attack; added to CISA listSteve ZurierMarch 19, 2025Affected organizations running repos in GitHub should assume compromise and rotate secrets immediately.
MalwarePhony CAPTCHA checks trick targets to download malwareShaun NicholsMarch 18, 2025Attackers use familiarity of CAPTCHA tests to dupe victims, HP reports.
Vulnerability ManagementApache Tomcat flaw actively exploited; could allow ‘devastating’ RCEShaun NicholsMarch 17, 2025Remote code execution may be achieved on vulnerable servers with a single PUT API request.
