Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by otherRead More »Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

A majority of organizations are unprepared for shorter SSL/TLS certificate lifespans. 

Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the “distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger,” Kaspersky researcher Saurabh Sharma said in aRead More »New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code

Most organizations approach cybersecurity issues reactively, responding to threats only after the damage has been done. 

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said. CVE-2025-31324Read More »Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution