Ionut Arghire

Two ransomware groups and several Chinese APTs have been exploiting two recent SAP NetWeaver vulnerabilities.

The Australian Human Rights Commission says data submitted through the complaint form on its website was inadvertently exposed.

Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists.

Kosovo citizen Liridon Masurica has appeared in a US court, facing charges for his role in operating the cybercrime marketplace BlackDB.cc.

Juniper Networks, VMware, and Zoom have announced patches for dozens of vulnerabilities across their products.

Fortinet has patched a dozen vulnerabilities, including a critical flaw exploited in the wild against FortiVoice instances.

Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution.

SAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability exploited...

Marks & Spencer has confirmed that personal information was stolen in a recent cyberattack claimed by a ransomware group.

A Turkey-affiliated espionage group has exploited a zero-day vulnerability in Output Messenger since April 2024.

A 45-year-old individual was arrested in Moldova for his suspected involvement in DoppelPaymer ransomware attacks.

Google has agreed to a $1.375 billion settlement with Texas in lawsuits over location and private browsing tracking, and biometric data collection.

Ascension Health has notified the HHS that more than 437,000 people were affected by a recently disclosed data breach.

Two vulnerabilities in ASUS’s pre-installed software DriverHub can be exploited for remote code execution.

German authorities seized the servers of crypto-swapping service eXch for laundering approximately $1.9 billion in fraudulent assets.

Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.

VMS firm Valsoft Corporation says the personal information of over 160,000 people was compromised in a February 2025 data breach.

Three NPM packages posing as developer tools for Cursor AI code editor’s macOS version contain a backdoor.

Hundreds of SAP NetWeaver instances hacked via a zero-day that allows remote code execution, not only arbitrary file uploads, as initially believed.

SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely.