SonicWall has been investigating reports about a zero-day potentially being exploited in ransomware attacks, but found no evidence of a new vulnerability. The post SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability appeared first on SecurityWeek.
Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python PackageRead More »Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. “At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .techRead More »Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 3) appeared first on SecurityWeek.
Airlines Air France and KLM have disclosed a data breach stemming from unauthorized access to a third-party platform. The post Air France, KLM Say Hackers Accessed Customer Data appeared first on SecurityWeek.
CISA and Microsoft have issued advisories for CVE-2025-53786, a high-severity flaw allowing privilege escalation in cloud environments. The post Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment appeared first on SecurityWeek.
The government of China has accused Nvidia of inserting a backdoor into their H20 chips: China’s cyber regulator on Thursday said it had held a meeting with Nvidia over what it called “serious security issues” with the company’s artificial intelligence chips. It said US AI experts had “revealed that Nvidia’sRead More »China Accuses Nvidia of Putting Backdoors into Their Chips
Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden: Secure AI embedded in every part of the business.Read More »The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense
Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting theRead More »Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. “The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis CameraRead More »6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits
