Latest news as of 5/14/2025, 6:46:34 AM
The Hacker News
Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities - CVE-2024-58136 (CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP
The Register
Redmond reckons $1.50/core/month hotpatch service is worth it to avoid eight Patch Tuesday scrambles each year Microsoft has announced that its preview of hotpatching for on-prem Windows Server 2025 will become a paid subscription service in July.…
The Register
PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! Samsung has warned that some of its Galaxy devices store passwords in plaintext.… Infosec in brief
Bleeping Computer
A large-scale phishing campaign targets WooCommerce users with a fake security alert urging them to download a "critical patch" that adds a Wordpress backdoor to the site. [...]
Bleeping Computer
The ransomware scene is re-organizing, with one gang known as DragonForce working to gather other operations under a cartel-like structure. [...]
Bleeping Computer
Brave has open-sourceed a new tool called "Cookiecrumbler," which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won't break site functionality. [...]
Bleeping Computer
Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. [...]
The Hacker News
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis. The tech giant noted that
The Hacker News
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be
The Register
Infosec is a team sport … unless you're in the White House Just when it seems they couldn't be that careless, US officials tasked with defending the nation go and do something else that puts American critical infrastructure, national security, and troops' lives in danger.… Opinion