Microsoft primes 71 fixes for May Patch Tuesday
Five issues actively exploited in the wild, but the real excitement may have been handled in advance
Five issues actively exploited in the wild, but the real excitement may have been handled in advance
Related
An 18-Year-Old Codebase Left Smart Buildings Wide Open
Researcher Gjoko Krstic’s “Project Brainfog” exposed hundreds of zero-day vulnerabilities in building-automation systems still running hospitals, schools, and offices worldwide.
NICKEL TAPESTRY expands fraudulent worker operations
The North Korean IT worker scheme grows to include organizations in Europe and Asia and industries beyond the technology sector
Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks
CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical…
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
In today’s rapidly evolving digital landscape, weak identity security isn’t just a flaw—it’s a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into…
WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors
Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a “critical patch” but deploy a backdoor instead. WordPress security company Patchstack described the activity as sophisticated and a variant of another campaign observed in December 2023 that employed a fake CVE ploy to…