critical

  • Blog

    Victoria’s Secret restores critical systems after cyberattack

    Victoria’s Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. The company operates around 1,380 retail stores in nearly 70 countries and has reported net sales of $1.353 billion for the first quarter of 2025, with a forecasted net sales range of up to…

  • Blog

    Trend Micro fixes critical vulnerabilities in multiple products

    Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. The security vendor underlines that it has seen no evidence of active exploitation in the wild for any of them. However, immediate application of the security updates is recommended to address the…

  • Blog

    Why hands-on learning is critical for IT – Computerworld

    Street smarts vs book smarts: Recently, one of our expert contributors opined that the act of writing helps to make an IT leader stronger, arguing that writing is a leadership superpower. According to CIO.com, writing conquers cognitive limits, clarifies complex thoughts and stress-tests ideas for a decisive strategic advantage. This piqued the interest of readers of CIO, who were…

  • Blog

    Critical Fortinet flaws now exploited in Qilin ransomware attacks

    The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over 310 victims on its dark web leak site. Its victim…

  • Blog

    New PathWiper data wiper malware hits critical infrastructure in Ukraine

    A new data wiper malware named ‘PathWiper’ is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. The payload was deployed through a legitimate endpoint administration tool, indicating that attackers had achieved administrative access to the system through a prior compromise. Cisco Talos researchers who discovered the attack attributed it with high…

  • Blog

    Cisco patches critical flaw affecting Identity Services Engine

    Cisco has issued patches for three vulnerabilities affecting its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) services. The three flaws, tracked as CVE-2025-20286, CVE-2025-20130, and CVE-2025-20129, included a critical vulnerability with a rating of 9.9/10, which also had a public proof-of-concept exploit. Highest on the list of priorities for customers was CVE-2025-20286, which was detailed as a ‘static…

  • Blog

    Play ransomware breached 900 victims, including critical orgs

    In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. “Since June 2022, the Play (also known as Playcrypt) ransomware group has impacted a wide range of businesses…

  • Blog

    Hewlett Packard Enterprise warns of critical StoreOnce auth bypass

    Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. Among the flaws fixed this time is a critical severity (CVSS v3.1 score: 9.8) authentication bypass vulnerability tracked under CVE-2025-37093, three remote code execution bugs, two directory traversal problems, and a server-side request forgery issue. The flaws impact…

  • Blog

    Update Google Chrome ASAP to Fix a Critical Vulnerability

    If you use Google Chrome, you need to update your browser right now. Google just released an emergency patch for three security vulnerabilities, one of which is a zero-day that has been actively exploited. Zero-days are high-severity flaws that are either actively exploited in the wild or publicly disclosed before the developer pushes an update to fix the vulnerability.…

  • Blog

    Hackers are exploiting critical flaw in vBulletin forum software

    Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. The flaws, tracked under CVE-2025-48827 and CVE-2025-48828 and rated critical (CVSS v3 score: 10.0 and 9.0 respectively), are an API method invocation flaw and a remote code execution (RCE) flaw via template engine abuse. They impact vBulletin versions 5.0.0…
