Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market

Blog

Byadmblake March 28, 2025

Post Content

Blog

Hacked Routers Linger on the Internet for Years, Data Shows

While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked.

Read More Hacked Routers Linger on the Internet for Years, Data Shows
Blog

Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking

A software developer discovered a way to abuse an undocumented protocol in Amazon’s Elastic Container Service to escalate privileges, cross boundaries and gain access to other cloud resources.

Read More Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking
Blog

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet.

Read More Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
Blog

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for

Read More Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
Blog

DarkSword iOS Exploit Chain

What is the Attack? Researchers from Google Threat Intelligence Group identified DarkSword, a sophisticated full-chain iOS exploit framework actively used by multiple surveillance vendors and suspected state-sponsored actors. Observed since at least November 2025, the exploit has been deployed in targeted campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine, enabling silent compromise of iOS devices…

Read More DarkSword iOS Exploit Chain
Blog

Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a “critical” issue that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0. “This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres…

Read More Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Related