CISA: Roundcube email server bug now exploited in attacks
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks.…
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy…
Free Rhysida ransomware decryptor for Windows exploits RNG flaw
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows…
Raspberry Robin malware evolves with early access to Windows exploits
Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible…
CISO Corner: DoD Regs, Neurodiverse Talent & Tel Aviv’s Light Rail
Also in this issue: How the SEC's reporting rules are being weaponized, quishing attacks plaguing execs, and tabletop exercises making…
Critical Cisco bug exposes Expressway gateways to CSRF attacks
Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing…
JetBrains warns of new TeamCity auth bypass vulnerability
JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers…
US announces visa ban on those linked to commercial spyware
Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State…
Pegasus Spyware Targets Jordanian Civil Society in Wide-Ranging Attacks
As the Middle East nation enforces strict cybercrime laws, citizens face crackdowns on free speech with nearly three dozen journalists…
The Crumbling Castle
By Jaye Tillson, Director of Strategy, Axis Security In the realm of IT security, the traditional “castle and moat” strategy…