Security
Headlines
HeadlinesLatestCVEs

Latest News

Care what you share

In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online.

TALOS
#vulnerability#windows#microsoft#cisco#ddos#nodejs#git#auth#docker#ssl
Apple patches security vulnerabilities in iOS and iPadOS. Update now!

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited...

CVE Program Cuts Send the Cyber Sector Into Panic Mode

After threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute — extending its government contract for another 11 months. After that, it looks like it's up to the private sector to find the cash to keep it going.

GHSA-qhp6-vp7c-g7xp: Liferay Cross-site Scripting vulnerability

A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page.

Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates

The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement

New Jersey Sues Discord for Allegedly Failing to Protect Children

The New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate.

Mass Ransomware Campaign Hits S3 Buckets Using Stolen AWS Keys

Researchers reveal a large-scale ransomware campaign leveraging over 1,200 stolen AWS access keys to encrypt S3 buckets. Learn…

Cybersecurity by Design: When Humans Meet Technology

If security tools are challenging to use, people will look for workarounds to get around the restrictions.

Unlocking the Power of MetaTrader – Your Ultimate Trading Tool

MetaTrader is a key tool for traders, offering a comprehensive platform that supports various financial instruments. Understanding its…

Schneider Electric ConneXium Network Manager

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: ConneXium Network Manager Vulnerabilities: Files or Directories Accessible to External Parties, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data, escalate privileges, or perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric ConneXium Network Manager: Version 2.0.01 (CVE-2025-2222) Schneider Electric ConneXium Network Manager: All versions (CVE-2025-2223) 3.2 VULNERABILITY OVERVIEW 3.2.1 FILES OR DIRECTORIES ACCESSIBLE TO EXTERNAL PARTIES CWE-552 CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following a Man-In-The-Middle attack. CVE-2025-2222 has b...