Security leaders discuss new phishing campaign targeting Mac users
Research has identified a new phishing campaign targeting Mac users.
Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots
DrayTek routers around the world are rebooting and the vendor’s statement suggests that it may involve the exploitation of a vulnerability. The post Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots appeared first on SecurityWeek.
VMware Patches Authentication Bypass Flaw in Windows Tools Suite
The authentication bypass vulnerability, tagged as CVE-2025-22230, carries a CVSS severity score of 7.8/10. The post VMware Patches Authentication Bypass Flaw in Windows Tools Suite appeared first on SecurityWeek.
Next.js middleware authorization bypass vulnerability: Are you vulnerable?
A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls through a simple header manipulation. This post summarizes what we know about CVE-2025-29927, how you can mitigate the vulnerability, and how Acunetix can help you detect and confirm your organization’sRead More »Next.js middleware authorization bypass vulnerability: Are you vulnerable?
Microsoft Adds AI Agents to Security Copilot
Microsoft has expanded the capabilities of Security Copilot with AI agents tackling data security, phishing, and identity management. The post Microsoft Adds AI Agents to Security Copilot appeared first on SecurityWeek.
Charm Security Emerges From Stealth With $8 Million in Funding
Charm Security has emerged from stealth mode with $8 million in funding for AI-powered scams and social engineering prevention. The post Charm Security Emerges From Stealth With $8 Million in Funding appeared first on SecurityWeek.
Numotion Data Breach Impacts Nearly 500,000 People
Email-related data breach suffered by wheelchair and other mobility equipment provider Numotion affects almost 500,000 individuals. The post Numotion Data Breach Impacts Nearly 500,000 People appeared first on SecurityWeek.
NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD
The effects of the backlog is already being felt in vulnerability management circles where NVD data promises an enriched source of truth. The post NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD appeared first on SecurityWeek.
Oracle Denies Cloud Breach After Hacker Offers to Sell Data
Oracle has denied that Cloud systems have been breached after a hacker claimed to have stolen millions of records. The post Oracle Denies Cloud Breach After Hacker Offers to Sell Data appeared first on SecurityWeek.
Russian Firm Offers $4 Million for Telegram Exploits
A Russian exploit acquisition firm says it is willing to pay up to $4 million for full-chain exploits targeting the popular messaging service Telegram. The firm, Operation Zero, is known for selling zero-day exploits exclusively to Russian government and private organizations. On March 20, the exploit broker announced on XRead More »Russian Firm Offers $4 Million for Telegram Exploits