Vulnerability ManagementResearchers detail unauthenticated bypass via Apple USB vulnerabilityShaun NicholsFebruary 18, 2025Security consultancy Quarkslab said that the flaw could allow threat actors to bypass USB lockouts.
Vulnerability ManagementOpenSSH flaws could enable man-in-the-middle attacks, denial of serviceLaura FrenchFebruary 18, 2025If the VerifyHostKeyDNS option is activated, an attacker could impersonate a server to hijack SSH sessions.
Critical Infrastructure SecurityInfostealers target major US defense contractors, military personnelSteve ZurierFebruary 18, 2025Attackers stole data from U.S. military and Lockheed Martin, Boeing and Honeywell employees for as little as $10 per computer.
Ransomware‘Pig butchering’ led to banner 2024 for cryptocurrency scamsShaun NicholsFebruary 14, 2025Cryptocurrency scams netted cyber criminals $9.9 billion last year.
IdentityMicrosoft 365 accounts targeted in device code spear-phishing schemeLaura FrenchFebruary 14, 2025Suspected Russian threat actors obtain access tokens through a lesser-known authentication flow.
Network SecurityChina’s RedMike hackers taking aim at telcos via flaws in Cisco gearShaun NicholsFebruary 13, 2025China-sponsored threat group exploiting more than 1,000 Cisco devices globally.
Vulnerability ManagementPalo Alto Networks PAN-OS flaw risks authentication bypassLaura FrenchFebruary 13, 2025The vulnerability stems from path confusion between Nginx and Apache components.
Vulnerability ManagementCritical Nvidia flaw could menace AI systemsShaun NicholsFebruary 12, 2025A flaw rated "critical" in Nvidia server tools could potentially allow attackers to compromise AI servers.
Vulnerability ManagementIvanti fixes 4 critical flaws, including CVSS 9.9 in Connect SecureLaura FrenchFebruary 12, 2025The flaws could enable remote code execution or arbitrary file writing and should be patched immediately.
RansomwareLockBit crackdown continues with Zservers sanctionsLaura FrenchFebruary 11, 2025The Russia-based bulletproof hosting service provided infrastructure to LockBit affiliates, officials say.