Security Week
Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild
In recent attacks, the state-sponsored backdoor BPFDoor is using a controller to open a reverse shell and move laterally.
The post Enhanced Version of ‘BPFDoor’ Linux Backdoor Seen in the Wild appeared first on SecurityWeek.
Critical Vulnerability Found in Apache Roller Blog Server
A critical vulnerability in Apache Roller could be used to maintain persistent access by reusing older sessions even after password changes.
The post Critical Vulnerability Found in Apache Roller Blog Server appeared first on SecurityWeek.
Microsoft Warns of Node.js Abuse for Malware Delivery
In the past months Microsoft has seen multiple campaigns involving Node.js to deliver malware and other malicious payloads.
The post Microsoft Warns of Node.js Abuse for Malware Delivery appeared first on SecurityWeek.
Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities
Chrome 135 and Firefox 137 updates have been rolled out with patches for critical- and high-severity vulnerabilities.
The post Chrome 135, Firefox 137 Updates Patch Severe Vulnerabilities appeared first on SecurityWeek.
Oracle Patches 180 Vulnerabilities With April 2025 CPU
Oracle’s April 2025 Critical Patch Update contains 378 security patches that resolve approximately 180 unique CVEs.
The post Oracle Patches 180 Vulnerabilities With April 2025 CPU appeared first on SecurityWeek.
Internet Giants Agree to Reduce TLS Certificate Lifespan to 47 Days by 2029
Major companies have agreed to gradually reduce the lifetime of TLS certificates over the next few years.
The post Internet Giants Agree to Reduce TLS Certificate Lifespan to 47 Days by 2029 appeared first on SecurityWeek.
MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty
MITRE warns of a deterioration of national vulnerability databases and advisories, slowed vendor reaction and limited response operations.
The post MITRE Warns CVE Program Faces Disruption Amid US Funding Uncertainty appeared first on SecurityWeek.
Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks
San Francisco startup banks $30 million in Seed and Series A funding led by Lightspeed Venture Partners and Walden Catalyst Ventures.
The post Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks appeared first on SecurityWeek.
Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
Lemonade says the incident is not material and that its operations were not compromised, nor was its customer data targeted.
The post Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers appeared first on SecurityWeek.
Kidney Dialysis Services Provider DaVita Hit by Ransomware
DaVita has not named the ransomware group behind the incident or share details on the attacker’s ransom demands.
The post Kidney Dialysis Services Provider DaVita Hit by Ransomware appeared first on SecurityWeek.
Conduent Says Names, Social Security Numbers Stolen in Cyberattack
The business services provider confirms personal information such as names and Social Security numbers was stolen in a January cyberattack.
The post Conduent Says Names, Social Security Numbers Stolen in Cyberattack appeared first on SecurityWeek.
2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
In fresh filings, Landmark Admin and Young Consulting say data breaches back in 2024 impacted more people than initially estimated.
The post 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches appeared first on SecurityWeek.
China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games
China accuses three alleged U.S. NSA operatives of cyberattacks targeting critical infrastructure and the Asian Games in Harbin.
The post China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games appeared first on SecurityWeek.
Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
Partisia, Squareroot8, and NuSpace join forces in a global partnership to advance quantum-safe communications.
The post Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats appeared first on SecurityWeek.
NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
The funding round brings the total amount raised by the NetRise to roughly $25 million.
The post NetRise Raises $10 Million to Grow Software Supply Chain Security Platform appeared first on SecurityWeek.
Hertz Discloses Data Breach Linked to Cleo Hack
Customers of the Hertz, Thrifty, and Dollar brands had their personal information stolen as a result of the Cleo hack last year.
The post Hertz Discloses Data Breach Linked to Cleo Hack appeared first on SecurityWeek.
CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security officer at Adobe
Van Horenbeeck's career spans some of the biggest companies in tech: Verizon, Microsoft, Google, Amazon, Zendesk, and now SVP and CSO at Adobe.
The post CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security officer at Adobe appeared first on SecurityWeek.
Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities
The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.
The post Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities appeared first on SecurityWeek.
Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed
Trend Micro researchers flagging problems with Nvidia’s patch for a critical, code execution vulnerability in the Nvidia Container Toolkit.
The post Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed appeared first on SecurityWeek.
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit
A threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet firewalls.
The post Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit appeared first on SecurityWeek.