February was the worst month on record for ransomware attacks - and one threat group had a field dayFebruary 2025 recorded 962 ransomware attacks, the highest ever, with Clop taking a leading role by exploiting new software vulnerabilities.
Ransomware scum abusing Microsoft Windows-signed driverRansomware attackers are exploiting vulnerabilities in Paragon Partition Manager's kernel-level driver to gain SYSTEM-level control over compromised Windows systems.
Researchers Find Elon Musk's New Grok AI Is Extremely Vulnerable to HackingGrok 3 poses serious cybersecurity risks due to its susceptibility to jailbreaks and a new prompt-leaking flaw.
Chinese snoops spotted on end-of-life Juniper routersChinese spies exploited vulnerabilities in Juniper Networks routers to gain root access and deploy backdoors.
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV ListCISA added five critical vulnerabilities to its KEV catalog, highlighting active exploitation threats.Immediate patch application required by March 31, 2025, for federal agencies.
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce SectorsA malicious campaign has been targeting Japanese organizations, exploiting CVE-2024-4577 and using Cobalt Strike for persistent access.
February was the worst month on record for ransomware attacks - and one threat group had a field dayFebruary 2025 recorded 962 ransomware attacks, the highest ever, with Clop taking a leading role by exploiting new software vulnerabilities.
Ransomware scum abusing Microsoft Windows-signed driverRansomware attackers are exploiting vulnerabilities in Paragon Partition Manager's kernel-level driver to gain SYSTEM-level control over compromised Windows systems.
Researchers Find Elon Musk's New Grok AI Is Extremely Vulnerable to HackingGrok 3 poses serious cybersecurity risks due to its susceptibility to jailbreaks and a new prompt-leaking flaw.
Chinese snoops spotted on end-of-life Juniper routersChinese spies exploited vulnerabilities in Juniper Networks routers to gain root access and deploy backdoors.
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV ListCISA added five critical vulnerabilities to its KEV catalog, highlighting active exploitation threats.Immediate patch application required by March 31, 2025, for federal agencies.
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce SectorsA malicious campaign has been targeting Japanese organizations, exploiting CVE-2024-4577 and using Cobalt Strike for persistent access.
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover AttacksHigh-severity security flaws in ruby-saml library could allow authentication bypass.Updating to versions 1.12.4 and 1.18.0 is essential for security.
Open source software vulnerabilities found in 86% of codebasesOpen source software vulnerabilities are widespread in codebases, with 86% of applications demonstrating vulnerabilities, highlighting the need for better dependency management.
Symbiotic improves code security with updated IDE extensionSymbiotic Security integrates security into the coding process, providing real-time insights for developers.
Critical Ingress NGINX Controller Vulnerability Allows RCE Without AuthenticationCritical vulnerabilities in Ingress NGINX Controller expose 6,500 Kubernetes clusters to remote code execution risks.
GitHub Brings Together Security, Developers to Fix Code Flaws - DevOps.comGitHub is enhancing security for developers by linking them with experts to address vulnerabilities in code before they reach production.
Businesses are taking their eye off the ball with vulnerability patchingOrganizations are overconfident in their security posture, neglecting vulnerability patching, especially regarding AI applications.
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover AttacksHigh-severity security flaws in ruby-saml library could allow authentication bypass.Updating to versions 1.12.4 and 1.18.0 is essential for security.
Open source software vulnerabilities found in 86% of codebasesOpen source software vulnerabilities are widespread in codebases, with 86% of applications demonstrating vulnerabilities, highlighting the need for better dependency management.
Symbiotic improves code security with updated IDE extensionSymbiotic Security integrates security into the coding process, providing real-time insights for developers.
Critical Ingress NGINX Controller Vulnerability Allows RCE Without AuthenticationCritical vulnerabilities in Ingress NGINX Controller expose 6,500 Kubernetes clusters to remote code execution risks.
GitHub Brings Together Security, Developers to Fix Code Flaws - DevOps.comGitHub is enhancing security for developers by linking them with experts to address vulnerabilities in code before they reach production.
Businesses are taking their eye off the ball with vulnerability patchingOrganizations are overconfident in their security posture, neglecting vulnerability patching, especially regarding AI applications.
Report: Bulk of Application Vulnerabilities Don't Require Immediate Attention - DevOps.comMost security alerts are informational, with only a small fraction needing immediate attention.Context-based prioritization can drastically reduce the number of alerts developers need to address.Many critical vulnerabilities are either minimally exploitable or related to dependencies, making remediation difficult.The use of AI in coding is contributing to developers ignoring security alerts.
AI is making the software supply chain more perilous than everThe JFrog report highlights security risks in the software supply chain, detailing threats from vulnerabilities, malicious packages, exposed secrets, and human error.
Black Duck Analysis Surfaces Raft of Open Source Software Vulnerabilities in Code Bases - DevOps.comA significant majority of commercial codebases contain high-risk open-source vulnerabilities; proactive testing is crucial for software security.
API Hacking for SQAs: A Starter's Proof of Concept | HackerNoonAPI testing needs to go beyond traditional validation to include security testing to address critical vulnerabilities.
Black Duck Analysis Surfaces Raft of Open Source Software Vulnerabilities in Code Bases - DevOps.comA significant majority of commercial codebases contain high-risk open-source vulnerabilities; proactive testing is crucial for software security.
API Hacking for SQAs: A Starter's Proof of Concept | HackerNoonAPI testing needs to go beyond traditional validation to include security testing to address critical vulnerabilities.
Researchers Propose a Better Way to Report Dangerous AI FlawsAI researchers discovered a glitch in GPT-3.5 that led to incoherent output and exposure of personal information.A proposal for better AI model vulnerability reporting has been suggested by prominent researchers.
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure - Update NowIvanti has issued security updates for multiple products to prevent exploitation of critical vulnerabilities that could lead to arbitrary code execution.
Update your iPhone NOW: Apple releases iOS 18.3 with security fixesUpdate iPhones to iOS 18.3 immediately to protect against serious security vulnerabilities, including those being actively exploited by hackers.
Node.js CVE Security Release: What You Need to KnowNode.js is releasing critical security updates and CVEs for unsupported versions to encourage developers to upgrade.
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure - Update NowIvanti has issued security updates for multiple products to prevent exploitation of critical vulnerabilities that could lead to arbitrary code execution.
Update your iPhone NOW: Apple releases iOS 18.3 with security fixesUpdate iPhones to iOS 18.3 immediately to protect against serious security vulnerabilities, including those being actively exploited by hackers.
Node.js CVE Security Release: What You Need to KnowNode.js is releasing critical security updates and CVEs for unsupported versions to encourage developers to upgrade.
Microsoft AI Red Team says security work will never be doneAI security is a continuous challenge as generative models amplify existing risks.Understanding the specific capabilities and applications of AI systems is critical for effective security.