U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Langflow flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2025-3248 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows. CVE-2025-3248 is a […]
Google addressed 46 Android security vulnerabilities, including one issue that has been exploited in attacks in the wild. Google’s monthly security updates for Android addressed 46 flaws, including a high-severity vulnerability, tracked as CVE-2025-27363 (CVSS score of 8.1), that has been exploited in the wild. The company did not disclose any details regarding the attacks […]
A new BYOI technique lets attackers bypass SentinelOne EDR, disable protection, and deploy Babuk ransomware by exploiting the agent upgrade process. Aon’s Stroz Friedberg discovered a new “Bring Your Own Installer” (BYOI) EDR bypass technique that exploits a flaw in SentinelOne’s upgrade process to bypass its anti-tamper protections, leaving endpoints unprotected. Stroz Friedberg researchers did […]
Kelly Benefits has determined that the impact of the recently disclosed data breach is much bigger than initially believed. Benefits and payroll solutions firm Kelly & Associates Insurance Group, aka Kelly Benefits, announced that the impact of a recently disclosed data breach is much bigger than initially estimated. The U.S.-based company provides benefits, payroll, and […]
A hacker stole data from TeleMessage, exposing messages from its modified Signal, WhatsApp, and other apps sold to the U.S. government. A hacker stole customer data from TeleMessage, an Israeli firm selling modified versions of popular messaging apps, such as Signal and WhatsApp, to the U.S. government. “The data stolen by the hacker contains the […]
Hackers claim Co-op cyberattack is worse than admitted, with major customer and employee data stolen, and provide proof to the BBC. The attackers behind the recent Co-op cyberattack, who go online with the name DragonForce, told the BBC that they had stolen data from the British retail and provided proof of the data breach. Hackers […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Yii Framework and Commvault Command Center flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: […]
Harrods confirmed a cyberattack, following similar incidents suffered by M&S and Co-op, making it the third major UK retailer targeted in one week. Luxury department store Harrods confirmed a cyberattack, threat actors attempted to gain unauthorised access to some of its systems. “We recently experienced attempts to gain unauthorised access to some of our systems.” […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: […]
Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations with large-scale DDoS attacks, the country’s National Cyber Security Center (NCSC) warns. This week, several Dutch and European organizations faced large-scale DDoS attacks launched by Pro-Russia hacktivists, including the NoName057(16) group. Threat actors target organizations across public and private sectors. Russian hacktivist group NoName057(16) claimed some of […]