Newest stories

AI and the Future of Cybersecurity Work by Sohrob Kazerounian
2025-11-07T00:00:00Z

In recent years, new studies and institutes have emerged to explore which future jobs will stay huma...

https://www.vectra.ai/blog/ai-and-the-future-of-cybersecurity-work
Commvault Command Center: unauthenticated RCE
2025-04-26T02:00:12Z

Classification: Important, Solution: Official Fix, Exploit Maturity: Functional, CVSSv3.1: 10.0, CVE...

https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html
Quantum StorNext GUI: Multiple security vulnerabilities
2025-04-26T02:00:11Z

Classification: Important, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.9, CVE...

https://www.quantum.com/en/service-support/security-bulletins/stornext-gui-multiple-security-vulnerabilities-stornext-gui-multiple-security-vulnerabilities/
An AI-generated radio host in Australia went unnoticed for months
2025-04-26T02:00:10Z

For months, a popular Australian radio station has used an AI-generated DJ to host one of its segmen...

https://www.theverge.com/news/656245/australian-radio-station-ai-dj-workdays-with-thy
SAP NetWeaver Visual Composer development server: Missing authorization check
2025-04-26T02:00:10Z

Classification: Critical, Solution: Not Defined, Exploit Maturity: Not Defined, CVSSv3.1: 10.0, CVEs...

https://nvd.nist.gov/vuln/detail/CVE-2025-31324
Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors
2025-04-26T02:00:09Z

An APT group dubbed Earth Kurma is actively targeting government and telecommunications organization...

https://www.trendmicro.com/en_us/research/25/d/earth-kurma-apt-campaign.html
React Router: Pre-render data spoofing on React-Router framework mode
2025-04-26T02:00:09Z

Classification: Severe, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 8.2, C...

https://github.com/remix-run/react-router/security/advisories/GHSA-cpj6-fhp6-mr6j
Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers
2025-04-26T02:00:08Z

Gig-work platforms have become household names, providing everything from meal and grocery delivery ...

https://www.darkreading.com/remote-workforce/gig-worker-platforms-data-breach-fraud
h11 accepts some malformed Chunked-Encoding bodies
2025-04-26T02:00:08Z

Classification: Low, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 9.1, CVEs...

https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches
2025-04-26T02:00:07Z

On Thursday, the FBI issued a public service announcement seeking tips that could help identify and ...

https://www.bleepingcomputer.com/news/security/fbi-seeks-help-to-unmask-salt-typhoon-hackers-behind-telecom-breaches/
Moodle: authenticated RCE vulnerabilities
2025-04-26T02:00:07Z

Classification: Important, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 8.8, CVE...

https://nvd.nist.gov/vuln/detail/CVE-2025-3641
Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member
2025-04-26T02:00:06Z

What next for US-bankrolled vulnerability tracker? It's edging closer to a more independent, global ...

https://www.theregister.com/2025/04/25/cve_board_funding/
Craft CMS: code injection RCE vulnerability
2025-04-26T02:00:06Z

Classification: Severe, Solution: Official Fix, Exploit Maturity: Functional, CVSSv3.1: 9.8, CVEs: C...

https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3
Various GPT services are vulnerable to "Inception" jailbreak, allows for bypass of safety guardrails
2025-04-26T02:00:05Z

Two systemic jailbreaks, affecting a number of generative AI services, were discovered. These jailbr...

https://kb.cert.org/vuls/id/667211
ConnectWise ScreenConnect 25.2.4 Security Patch
2025-04-26T02:00:05Z

Classification: Important, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 8.1, CVE...

https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4
More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans
2025-04-26T02:00:04Z

Ivanti VPN users should stay alert as IP scanning for the vendor's Connect Secure and Pulse Secure s...

https://www.theregister.com/2025/04/25/more_ivanti_attacks_may_be/
SonicOS SSLVPN NULL Pointer Dereference Denial-of-Service (DoS) Vulnerability
2025-04-26T02:00:04Z

Classification: Severe, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.0: 7.5, CVEs: ...

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0009
Marks & Spencer pauses online shopping following cyberattack
2025-04-26T02:00:03Z

British retailer Marks & Spencer (M&S) announced on Friday it is pausing all online shopping...

https://therecord.media/marks-spencer-cyber-pauses-sales
Signalgate lessons learned: If creating a culture of security is the goal, America is screwed
2025-04-25T23:58:09Z

Infosec is a team sport unless you're in the White House Opinion Just when it seems they couldn't ...

https://go.theregister.com/feed/www.theregister.com/2025/04/25/signalgate_lessons_learned_if_creating/
Daily Dose of Dark Web Informer - 25th of April 2025
2025-04-25T23:21:06Z

This daily article is intended to make it easier for those who want to stay updated with my regular ...

https://darkwebinformer.com/daily-dose-of-dark-web-informer-25th-of-april-2025/