CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek.
Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls
Palo Alto Networks is warning customers that a second vulnerability patched in February is being exploited in attacks.
The post Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls appeared first on SecurityWeek.
Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines
China-linked cyberespionage toolkits are popping up in ransomware attacks, forcing defenders to rethink how they combat state-backed hackers.
The post Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines appeared first on SecurityWeek.
Mining Company NioCorp Loses $500,000 in BEC Hack
NioCorp Developments has informed the SEC that it lost $0.5 million after its systems were compromised.
The post Mining Company NioCorp Loses $500,000 in BEC Hack appeared first on SecurityWeek.
AI Can Supercharge Productivity, But We Still Need a Human-in-the-Loop
AI systems can sometimes struggle with complex or nuanced situations, so human intervention can help identify and address potential issues that algorithms might not.
The post AI Can Supercharge Productivity, But We Still Need a Human-in-the-Loop appeared first on SecurityWeek.
Atlassian Patches Critical Vulnerabilities in Confluence, Crowd
Atlassian has released patches for 12 critical- and high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd, and Jira.
The post Atlassian Patches Critical Vulnerabilities in Confluence, Crowd appeared first on SecurityWeek.
CISA, FBI Warn of China-Linked Ghost Ransomware Attacks
CISA and the FBI warn organizations of attacks employing the Ghost (Cring) ransomware, operated by Chinese hackers.
The post CISA, FBI Warn of China-Linked Ghost Ransomware Attacks appeared first on SecurityWeek.
PoC Exploit Published for Critical Ivanti EPM Vulnerabilities
Proof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available.
The post PoC Exploit Published for Critical Ivanti EPM Vulnerabilities appeared first on SecurityWeek.
US Military Health Provider HNFS Pays $11M in Settlement Over Cybersecurity Failures
US military health benefits program administrator HNFS to pay $11 million in settlement over its false claims of cybersecurity compliance.
The post US Military Health Provider HNFS Pays $11M in Settlement Over Cybersecurity Failures appeared first on SecurityWeek.
Microsoft Patches Exploited Power Pages Vulnerability
Microsoft has patched CVE-2025-24989, a Power Pages privilege escalation vulnerability that has been exploited in attacks.
The post Microsoft Patches Exploited Power Pages Vulnerability appeared first on SecurityWeek.
