Pierluigi Paganini
February 22, 2025
Apple removed iCloud’s Advanced Data Protection in the UK after the government requested encryption backdoor access. Apple ends iCloud end-to-end encryption in the United Kingdom following the government’s request for encryption backdoor access. Advanced Data Protection is now unavailable for new UK users. In 2022, the IT giant introduced the optional setting Advanced Data Protection (ADP) […]
Pierluigi Paganini
February 21, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Craft CMS and Palo Alto Networks PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: Craft is a flexible, user-friendly CMS, affected […]
Pierluigi Paganini
February 21, 2025
Australian software firm Atlassian patched 12 critical and high-severity flaws in Bamboo, Bitbucket, Confluence, Crowd, and Jira. Software firm Atlassian released security patches to address 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira products. The most severe vulnerabilities addressed by the company are: CVE-2024-50379 – (CVSS score of 9.8) – RCE […]
Pierluigi Paganini
February 20, 2025
China-linked cyber espionage group Salt Typhoon uses custom malware JumbledPath to on spy U.S. telecom providers. Cisco Talos researchers reported that China-linked APT group Salt Typhoon uses a custom-built utility, dubbed JumbledPath, to spy on network traffic of U.S. telecommunication providers. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) and has been active since at least 2019 and […]
Pierluigi Paganini
February 20, 2025
NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. Orange Cyberdefense CERT uncovered a malware campaign, tracked as The Green Nailao campaign, that targeted European organizations, including healthcare, in late 2024, using ShadowPad, PlugX, and the previously undocumented NailaoLocker ransomware. The Orange Cyberdefense CERT investigated four attackers with […]
Pierluigi Paganini
February 20, 2025
Microsoft addressed a privilege escalation vulnerability in Power Pages, the flaw is actively exploited in attacks. Microsoft has addressed two critical vulnerabilities, tracked as CVE-2025-21355 (CVSS score: 8.6) and CVE-2025-24989 (CVSS score: 8.2), respectively impacting Bing and Power Pages. CVE-2025-21355 is a missing authentication for critical Function in Microsoft Bing, an unauthorized attacker could exploit the flaw […]
Pierluigi Paganini
February 20, 2025
Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions. Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. The vulnerability is an improper privilege management that could allow attackers to escalate privileges […]
Pierluigi Paganini
February 20, 2025
Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls. Palo Alto Networks warns that threat actors are chaining the vulnerability CVE-2025-0111 with two other vulnerabilities, tracked as CVE-2025-0108 with CVE-2024-9474, to compromise PAN-OS firewalls. The vulnerability CVE-2025-0111 is a file read issue in PAN-OS, an […]
Pierluigi Paganini
February 19, 2025
Russia-linked threat actors exploit Signal ‘s “linked devices” feature to hijack accounts, per Google Threat Intelligence Group. Google Threat Intelligence Group (GTIG) researchers warn of multiple Russia-linked threat actors targeting Signal Messenger accounts used by individuals of interest to Russian intelligence. The experts speculate that the tactics, techniques, and procedures used to target Signal will […]
Pierluigi Paganini
February 19, 2025
Venture capital firm Insight Partners suffered a cyberattack involving unauthorized access to its information systems. A cyber attack hit venture capital firm Insight Partners, threat actors gained unauthorized access to its information systems. Venture Capital (VC) is a form of private equity financing provided by firms or funds to startup, early-stage, and emerging companies, that […]
