The Citrix NetScaler vulnerability tracked as CitrixBleed 2 and CVE-2025–5777 may be exploited in the wild for initial access. The post Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability appeared first on SecurityWeek.
A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository. The post Vulnerability Exposed All Open VSX Repositories to Takeover appeared first on SecurityWeek.
Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls. The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek.
Threat intelligence firm GreyNoise is warning of a “notable surge” in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and governmentRead More »MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft’s ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. “The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious,” Trellix researchers Nico Paulo
Trend Micro is recognized for our Cloud CNAPP capabilities and product strategy—affirming our vision to deliver a cloud security solution that predicts, protects, and responds to threats across hybrid and multi-cloud environments.
Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry (“open-vsx[.]org”) that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. “This vulnerability provides attackers full control over the entire extensions marketplace, andRead More »Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
The proposal seeks to ban all use of the technology in the U.S. government, with exceptions for use in research and counterterrorism efforts. The post Bipartisan Bill Aims to Block Chinese AI From Federal Agencies appeared first on SecurityWeek.
WhatsApp is banned from U.S. House of Representatives devices.
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0Read More »Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
