Apr 28, 2025Ravie LakshmananCybersecurity / Hacking News What happens when cybercriminals no longer need deep skills to breach your defenses? Today's attackers are armed with powerful tools that do the heavy lifting — from AI-powered phishing kits to large botnets ready to strike. And they're not just after big corporations. Anyone can be a target when fake identities, … [Read more...] about Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More
Critical
CrowdStrike Falcon Privileged Access Secures Critical Hybrid Identity Environments
CrowdStrike is excited to announce CrowdStrike Falcon Privileged Access, a new offering within CrowdStrike Falcon® Identity Protection that uses high-fidelity risk signals to provide just-in-time access to organizations’ critical permissions and resources. Adversaries know valid credentials unlock access to data, infrastructure, and capabilities. Nearly 80% of attacks to … [Read more...] about CrowdStrike Falcon Privileged Access Secures Critical Hybrid Identity Environments
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Apr 08, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability … [Read more...] about Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
Mar 28, 2025Ravie LakshmananOperational Technology / Vulnerability Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities have been … [Read more...] about Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
Mar 24, 2025Ravie LakshmananVulnerability / Cloud Security A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, … [Read more...] about Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Mar 21, 2025Ravie LakshmananThreat Hunting / Vulnerability Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to … [Read more...] about UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
Mar 06, 2025Ravie LakshmananData Security / Software Security Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. The vulnerability, tracked as CVE-2025-25012, carries a CVSS score of 9.9 out of a maximum of 10.0. It has been … [Read more...] about Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
Jan 31, 2025Ravie LakshmananVulnerability / Healthcare The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a … [Read more...] about CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Jan 17, 2025Ravie LakshmananFirmware Security / Vulnerability Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking … [Read more...] about Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation
Critical Evolution of Cloud Detection and Response
When Conventional Security Meets Modern Cloud Threats As organizations face these cross-domain attacks, the inability to connect cloud context with detection and alerting is reaching its breaking point. Most organizations begin their cloud security journey focused on visibility through CNAPP solutions. CNAPP identifies misconfigurations, excessive permissions and … [Read more...] about Critical Evolution of Cloud Detection and Response