More than 870 N-able N-central instances have not been patched against CVE-2025-8875 and CVE-2025-8876, two exploited vulnerabilities. The post Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities appeared first on SecurityWeek.
Workday appears to have joined the list of major companies that had their Salesforce instances targeted by hackers. The post Workday Data Breach Bears Signs of Widespread Salesforce Hack appeared first on SecurityWeek.
Researchers have managed to eavesdrop on cell phone voice conversations by using radar to detect vibrations. It’s more a proof of concept than anything else. The radar detector is only ten feet away, the setup is stylized, and accuracy is poor. But it’s a start.
GSX and ASIS International will celebrate 70 years of shaping the future of security, with New Orleans serving as the host city for this anniversary celebration.
The US has indicted Zeppelin ransomware operator Ianis Antropenko, seizing over $2.8 million in cryptocurrency from his wallet. The post US Seizes $2.8 Million From Zeppelin Ransomware Operator appeared first on SecurityWeek.
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor, realizes its nefarious functionality through a dependency package called colorinal by means of a multi-stageRead More »Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government contracting, or education. Some of these standards and frameworks include, but are not limitedRead More »Wazuh for Regulatory Compliance
Chinese APT UAT-7237 has been targeting Taiwanese web infrastructure for long-term access to high-value entities. The post Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets appeared first on SecurityWeek.
In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which we first discovered in December 2022Read More »Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post Watch Now: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event) appeared first on SecurityWeek.
