WhatsApp Flaw Added to CISA’s Known Exploited Vulnerabilities Catalog
CISA has announced the addition of two vulnerabilities to its Known Exploited Vulnerabilities catalog.
CISA has announced the addition of two vulnerabilities to its Known Exploited Vulnerabilities catalog.
Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024’s GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers created experimental prompts for both requests using each of seven different persuasionRead More »GPT-4o-mini Falls for Psychological Manipulation
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. “SAP S/4HANA allows an attacker with userRead More »SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure. The post North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks appeared first on SecurityWeek.
IT threat evolution in Q2 2025. Mobile statistics IT threat evolution in Q2 2025. Non-mobile statistics The mobile section of our quarterly cyberthreat report includes statistics on malware, adware, and potentially unwanted software for Android, as well as descriptions of the most notable threats for Android and iOS discovered duringRead More »IT threat evolution in Q2 2025. Mobile statistics
IT threat evolution in Q2 2025. Non-mobile statistics IT threat evolution in Q2 2025. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing statistical data. The quarter in numbersRead More »IT threat evolution in Q2 2025. Non-mobile statistics
Proofpoint, SpyCloud, Tanium, and Tenable confirmed that hackers accessed information stored in their Salesforce instances. The post More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach appeared first on SecurityWeek.
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn’t kept pace. Most organizations still rely on traditional reporting methods—static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdatedRead More »Automation Is Redefining Pentest Delivery
A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild. The post Recent SAP S/4HANA Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects aRead More »VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages