Embattled IT software vendor Ivanti on Wednesday raised an alarm for a pair of remotely exploitable vulnerabilities in its enterprise-facing products and warned that one of the bugs has already been exploited in the wild. The high-severity vulnerabilities, tagged as CVE-2025-0282 and CVE-2025-0283, allow unauthenticated remote attackers to launch code execution and privilege escalation attacks. […]

Following the arrest of its CEO last summer, Telegram has been increasingly sharing user data at the request of authorities, according to data collected by researchers.  French authorities arrested Telegram CEO Pavel Durov, a dual citizen of France and Russia, in August 2024 as part of an investigation into criminal activities facilitated by the privacy-focused […]

Japan on Wednesday linked more than 200 cyberattacks over the past five years targeting the country’s national security and high technology data to a Chinese hacking group, MirrorFace, detailing their tactics and calling on government agencies and businesses to reinforce preventive measures. The National Police Agency said its analysis on the targets, methods and infrastructure […]

In recent years, tighter security budgets and macroeconomic headwinds have created a need to optimize security spend. In this fiscal environment, security teams find themselves being asked to identify areas in which spend can be optimized. In other words, where can the same or improved ends be achieved through reduced means? One important part of this endeavor […]

Japanese electronics giant Casio has completed its investigation into the data breach caused by a recent ransomware attack and found that thousands of individuals are impacted. The company revealed in early October 2024 that some systems had failed and some services had been disrupted as a result of unauthorized access to its network.  A few […]

Funding raised by cybersecurity firms increased to $9.5 billion last year amid a decrease in funding volume, a new report from cybersecurity recruitment firm Pinpoint Search Group shows. The company tracked 304 funding rounds in 2024, 16% fewer compared to the 346 tracked during the previous year, but the raised amount went up 9% year-over-year, […]

The insider threat is a simple term for a mammoth and complex problem. It ranges from national security through theft of corporate intellectual property to malicious harm and accidental incompetence.  Here we concentrate on the malicious insider threat. This involves foreign agents, legitimate but malcontent staff, criminally-bribed employees, and more. Just as these threats are […]

The federal government is rolling out a consumer labeling system designed to help Americans pick smart devices that are less vulnerable to hacking. Under the voluntary program, called the US Cyber Trust Mark Initiative, manufacturers can affix the label on their products if they meet federal cybersecurity standards. The types of devices that can seek […]

The US cybersecurity agency CISA on Tuesday warned that two recently disclosed vulnerabilities affecting the Mitel MiCollab enterprise collaboration platform have been exploited in attacks. The two security defects, tracked as CVE-2024-41713 and CVE-2024-55550, are described as path traversal issues that impact versions 9.8 SP1 FP2 (9.8.1.201) and earlier of Mitel MiCollab. CVE-2024-41713 (CVSS score […]

Google and Mozilla on Tuesday announced the release of fresh security updates that patch several high-severity vulnerabilities in their popular browsers. Google has released a Chrome 131 update that resolves four security defects, including a high-severity type confusion flaw in the V8 JavaScript engine reported by an external researcher. Tracked as CVE-2025-0291, the externally reported […]