Generative AI Exacerbates Software Supply Chain Risks darkreadingGeorgianna Shea, Elaine Ly
June 25, 2025

Malicious actors are exploiting AI-fabricated software components — presenting a major challenge for securing software supply chains. Malicious actors are exploiting AI-fabricated software components — presenting a major challenge for securing …


Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure The Hacker [email protected] (The Hacker News)
June 25, 2025

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information …


XOR Marks the Flaw in SAP GUI darkreadingJai Vijayan, Contributing Writer
June 25, 2025

The company has patched two vulnerabilities in its Graphical User Interface that would have allowed attackers to grab data from a user's input history feature. The company has patched two vulnerabilities …


CISA Adds Three Known Exploited Vulnerabilities to Catalog AlertsCISA
June 25, 2025

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability CVE-2024-0769 D-Link DIR-859 Router Path …


Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games The Hacker [email protected] (The Hacker News)
June 25, 2025

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the …


Beware the Hidden Risk in Your Entra Environment The Hacker [email protected] (The Hacker News)
June 25, 2025

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra’s subscription handling is …


SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks The Hacker [email protected] (The Hacker News)
June 25, 2025

Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to …


North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages The Hacker [email protected] (The Hacker News)
June 25, 2025

Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves …


Africa Sees Surge in Cybercrime as Law Enforcement Struggles darkreadingRobert Lemos, Contributing Writer
June 24, 2025

Cybercrime accounts for more than 30% of all reported crime in East Africa and West Africa, with online scams, ransomware, business email compromise, and digital sextortion taking off. Cybercrime accounts for …


Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options The Hacker [email protected] (The Hacker News)
June 24, 2025

Microsoft on Tuesday announced that it's extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync …