Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters

Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters

Image: cynoclub/Envato Elements Apache Tomcat is under attack as cybercriminals actively exploit a recently disclosed vulnerability, enabling remote code execution (RCE). With simple HTTP requests, attackers can trigger the deserialisation of malicious data and gain control over affected systems. The vulnerability, CVE-2025-24813, was disclosed by Apache on March 10, with the first proof of concept being released on GitHub about 30 hours later, posted by user iSee857. Soon after, security firm Wallarm later saw that…

Read More

Google Acquires Startup Wiz for $32B to 'Turbocharge Improved Cloud Security’

Google Acquires Startup Wiz for B to 'Turbocharge Improved Cloud Security’

Image: Wiz Google has announced it is acquiring cybersecurity startup Wiz for $32 billion. The acquisition is parent company Alphabet’s largest to date, more than doubling its previous record-breaking $12.5 billion purchase of Motorola Mobility in 2012. The company appears to have pursued this deal aggressively due to the growing demand for secure cloud services. The surge in generative AI has prompted tech companies to rush for cloud infrastructure, while major security incidents, such as…

Read More

Update Your iPhone Now to Fix Safari Security Flaw

Update Your iPhone Now to Fix Safari Security Flaw

Image: Apple’s Official YouTube Page Apple has released iOS 18.3.2, an operating system update that fixes a vulnerability in WebKit, the browser engine used by Safari to render web pages. The flaw allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device. Apple previously fixed this vulnerability, CVE-2025-24201, with the release of iOS 17.2 back in late 2023,…

Read More

Billions of Devices at Risk of Hacking Due to Hidden Commands

Billions of Devices at Risk of Hacking Due to Hidden Commands

Tarlogic team giving their presentation during RootedCON. Image: Tarlogic Billions of devices worldwide rely on a widely used Bluetooth-Wi-Fi chip that contains undocumented “hidden commands.” Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls. ESP32, manufactured by a Chinese company called Espressif, is a microcontroller that enables Bluetooth and Wi-Fi connections in numerous smart devices, including smartphones, laptops, smart locks, and medical equipment. Its popularity is partly due…

Read More

Women in Cyber Security on the Rise, But Facing More Layoffs and Budget Cuts Than Men

Women in Cyber Security on the Rise, But Facing More Layoffs and Budget Cuts Than Men

Gender diversity in cybersecurity is slowly improving but inequities continue—a new report finds that the field has 5% more women than in 2023, but that they’re more exposed to other workplace challenges than male counterparts. About 32% of women respondents said their organizations experienced security layoffs over the last year compared to just 23% of male respondents. For Women’s History Month this March, ISC2 delved deeper into data collected for its 2024 Cybersecurity Workforce Study….

Read More

Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains

Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains

Threat actors are increasingly targeting trusted business platforms such as Dropbox, SharePoint, and QuickBooks in their phishing email campaigns and leveraging legitimate domains to bypass security measures, a new report released today has found. By embedding sender addresses or payload links within legitimate domains, attackers evade traditional detection methods and deceive unsuspecting users. According to Darktrace’s Annual Threat Report 2024, the authors detected more than 30.4 million phishing emails, reinforcing phishing as the preferred attack…

Read More

IT Leaders Fear AI-Driven Cybersecurity Costs Will Soar

IT Leaders Fear AI-Driven Cybersecurity Costs Will Soar

IT leaders are concerned about the rocketing costs of cyber security tools, which are being inundated with AI features. Meanwhile, hackers are largely eschewing AI, as there are relatively few discussions about how they could use it posted on cyber crime forums. Featured Partners: Artificial Intelligence (AI) Software 1 New Relic Visit website Optimize your business operations with New Relic’s comprehensive observability platform. Designed for multi-dimensional enterprises, it provides real-time insights and robust application performance…

Read More

Cyber Attack Severity Rating System Established in U.K.

Cyber Attack Severity Rating System Established in U.K.

A new rating system in the U.K. will classify the severity of cyberattacks on a scale from one to five, aiming to provide businesses and policymakers with more precise insights into the impact of cyber threats. The Cyber Monitoring Centre, an independent nonprofit organisation of industry experts, will assess incidents in real time and publish results for free. The system is designed to be easily understood, similar to the Saffir-Simpson hurricane scale, which categorises hurricanes…

Read More

Ransomware Payments Decreased by 35% in 2024

Ransomware Payments Decreased by 35% in 2024

Ransomware payments took an unexpected plunge in 2024, dropping 35% to approximately $813.55 million — despite payouts surpassing $1 billion for the first time in 2023. The decline was largely driven by a series of successful law enforcement takedowns and improved cyber hygiene, which enabled more victims to refuse payment, according to blockchain platform Chainalysis. The drop came as a surprise, considering the upward trend seen earlier in the year. In fact, ransomware actors extorted…

Read More

Sophos Acquires Secureworks for $859 Million | TechRepublic

Sophos Acquires Secureworks for 9 Million | TechRepublic

Sophos has completed its $859 million acquisition of managed cyber security services provider Secureworks in an all-cash transaction. It now claims to be the “leading pure-play” provider of Managed Detection and Response Services, supporting more than 28,000 global organisations. Secureworks is an Atlanta, U.S.-based cybersecurity company that focuses on threat detection, response, and managed security services. Its acquisition will build out Sophos’ security operations platform for mitigating cyber attacks. “The open and scalable platform helps…

Read More
1 2 3 130