CrushFTP Exploitation Continues Amid Disclosure Dispute
Attacks on a critical authentication bypass flaw in CrushFTP’s file transfer product continue this week after duplicate CVEs sparked confusion.
-
-
Tariffs May Prompt Increase in Global Cyberattacks
Cybersecurity and policy experts worry that if tariffs give way to a global recession, organizations will reduce their spending on cybersecurity.
-
Oracle Appears to Admit Breach of 2 ‘Obsolete’ Servers
The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case.
-
Industrial-strength April Patch Tuesday covers 135 CVEs
One actively exploited issue patched; five Critical-severity Office vulns exploitable via Preview Pane
-
China-Linked Hackers Continue Harassing Ethnic Groups With Spyware
Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority.
-
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
Lovable, a generative artificial intelligence (AI) powered platform that allows for creating full-stack web applications using text-based prompts, has been found to be the most susceptible to jailbreak attacks, allowing novice and aspiring cybercrooks to set up lookalike credential harvesting pages. “As a purpose-built tool for creating and deploying web apps, its capabilities line up…
-
Using Post-Quantum Planning to Improve Security Hygiene
With careful planning, the transition to post-quantum cryptography can significantly improve security and risk management for the present and future.
-
New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. “Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device,” Kaspersky said…
-
Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as…
-
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. “The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish…