critical
-
Blog
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. The CSLU Windows application allows admins to manage licenses and linked products on-premises without connecting them to Cisco’s cloud-based Smart Software Manager solution. Cisco patched this security flaw (tracked as CVE-2024-20439) in September, describing it as “an undocumented static user…
Read More » -
Blog
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week. The malicious activity was confirmed by Wallarm security…
Read More » -
Blog
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable. GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain…
Read More » -
Blog
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impacted
CISA has issued an alert over ongoing activity linked to the Medusa ransomware as a service (RaaS) group, warning it has impacted hundreds of critical organizations. The agency issued a joint advisory alongside the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), stating that as of February 2025 Medusa developers and affiliates had hit over 300 victims in…
Read More » -
Blog
Medusa ransomware hit over 300 critical infrastructure orgs
CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. This was revealed in a joint advisory issued today in coordination with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). “As of February 2025, Medusa developers and affiliates have impacted over…
Read More » -
Blog
Swiss critical sector faces new 24-hour cyberattack reporting rule
Switzerland’s National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. According to the NCSC announcement, this new requirement is introduced as a response to the increasing number of cybersecurity incidents and their impact on the country. Examples of…
Read More » -
Blog
Critical Zero-Day Vulnerabilities Found in These VMware Products
Broadcom has patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion, discovered by Microsoft’s Threat Intelligence Center. The flaws, which were being leveraged in real-world attacks at the time of discovery, could allow attackers with administrator or root access to a virtual machine to breach the underlying hypervisor, potentially exposing all connected VMs and sensitive data. How…
Read More » -
Blog
US charges Chinese hackers linked to critical infrastructure breaches
The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. Their victim list includes US federal and state government agencies, foreign ministries of multiple governments in Asia, U.S.-based dissidents, as well as a prominent religious organization in the United States. “These malicious…
Read More » -
Blog
Why supply chain oversight is critical for business
All businesses, from the smallest ventures to the largest enterprises, have supply chains and a need for supply chain oversight. Whether it’s the raw materials made into the product you sell, or the office equipment and software you procure for your service-based business, you’ll always have dependencies and a need to maintain oversight over your personal supply chain. In any…
Read More » -
Blog
Microsoft says AI tools such as Copilot or ChatGPT are affecting critical thinking at work – staff using the technology encounter ‘long-term reliance and diminished independent problem-solving’
Using generative AI at work may impact the critical thinking skills of employees — and that’s according to Microsoft. Researchers at Microsoft and Carnegie Mellon University surveyed 319 knowledge workers in an attempt to study the impact of generative AI at work, raising concerns about what the rise of the technology means for our brains. Concerns about the negative impact…
Read More »