New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy The Hacker [email protected] (The Hacker News)
May 14, 2025

Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, …


ISC Stormcast For Thursday, May 15th, 2025 https://isc.sans.edu/podcastdetail/9452, (Thu, May 15th) SANS Internet Storm Center, InfoCON: green
May 14, 2025

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.  ​Read More


Web Scanning SonicWall for CVE-2021-20016 – Update, (Wed, May 14th) SANS Internet Storm Center, InfoCON: green
May 14, 2025

I published on the 29 Apr 2025 a diary [1] on scanning activity looking for SonicWall and since this publication this activity has grown 10-fold. Over the past 14 days, …


Infosec Layoffs Aren’t the Bargain that Boards May Think darkreadingBecky Bracken
May 14, 2025

Salary savings come with hidden costs, including insider threats and depleted cybersecurity defenses, conveying advantages to skilled adversaries, experts argue. Salary savings come with hidden costs, including insider threats and depleted …


AI Agents May Have a Memory Problem darkreadingJai Vijayan, Contributing Writer
May 14, 2025

A new study by researchers at Princeton University and Sentient shows it's surprisingly easy to trigger malicious behavior from AI agents by implanting fake "memories" into the data they rely …


Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack darkreadingRob Wright
May 14, 2025

The security software maker said the vulnerabilities in Endpoint Manager Mobile have been exploited in the wild against "a very limited number of customers" — for now — and stem …


Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit The Hacker [email protected] (The Hacker News)
May 14, 2025

Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-4632 (CVSS score: 9.8), …


BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan The Hacker [email protected] (The Hacker News)
May 14, 2025

At least two different cybercrime groups BianLian and RansomExx are said to have exploited a recently disclosed security flaw in SAP NetWeaver, indicating that multiple threat actors are taking advantage …


Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering The Hacker [email protected] (The Hacker News)
May 14, 2025

A Chinese-language, Telegram-based marketplace called Xinbi Guarantee has facilitated no less than $8.4 billion in transactions since 2022, making it the second major black market to be exposed after HuiOne …


Marks & Spencer Confirms Customer Data Stolen in Cyberattack darkreadingKristina Beek, Associate Editor, Dark Reading
May 14, 2025

The British retailer said no account passwords were compromised in last month's cyberattack, but the company will require customers to reset passwords "for extra peace of mind." The British retailer said …