By simply sending HTTP requests, attackers can trigger the deserialisation of malicious data in Tomcat’s session storage and gain control.
Category: Security
Global Security News, Security
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware following reports from security researchers at the University of Toronto’s Citizen Lab. […]
data breach, Global IT News, Global Security News, Ransomware, Security, TC
US teachers’ union says hackers stole sensitive personal data on over 500,000 members
PSEA says it “took steps to ensure” its stolen data was deleted, suggesting a ransom demand was paid © 2024 TechCrunch. All rights reserved. For personal use only.
Apps, encryption, Global IT News, Global Security News, Government & Policy, mobile phones, privacy, Proton, Security, sim swap, SS7
Cape opens $99/month beta of its privacy-first mobile plan, inks Proton deal, raises $30M
Mobile networks continue to be a major target for cybersecurity breaches, and Chinese hacking group Salt Typhoon‘s persistent attacks on multiple carriers are only the latest known examples. The mobile carrier startup Cape is taking a novel approach to addressing the problem: it has built a service it says can provide a more secure, private…
Global Security News, Security
Why it’s time for phishing prevention to move beyond email
While phishing has evolved, email security hasn’t kept up. Attackers now bypass MFA & detection tools with advanced phishing kits, making credential theft harder to prevent. Learn how Push Security’s browser-based security stops attacks as they happen. […]
Global Security News, Security
Agentic AI’s Role in the Future of AppSec
Overwhelmed AppSec teams are turning to agentic AI to handle the tedious manual work of security reporting, threat modeling, and code reviews, but successful implementation requires careful human oversight.
Emerging Tech, Global Security News, incident response services, Managed Services, MSSPs, Partners, Security
5 Top Incident Response Tools & How To Choose The Right One
Incident response (IR) tools are essential for quickly detecting and mitigating cyberattacks. They are even more important for MSPs and MSSPs, who are responsible for keeping their own and clients’ data safe. Explore the five best incident response tools for securing your environments and minimizing downtime. We’ll also discuss key factors to consider, such as…
Android, Australia, Canada, Global IT News, Global Security News, Israel, Italy, paragon, Paragon Solutions, privacy, Security, Spyware, surveillance
Researchers name several countries as potential Paragon spyware customers
The Citizen Lab said it believes several governments may be customers of spyware maker Paragon Solutions. © 2024 TechCrunch. All rights reserved. For personal use only.
Global Security News, Security
Sperm donation giant California Cryobank warns of a data breach
US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers’ personal information. […]
Global Security News, Security
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the “reviewdog/action-setup@v1” GitHub Action is believed to have led to the recent breach of “tj-actions/changed-files” that leaked CI/CD secrets. […]
Alphabet, Amazon, Artificial Intelligence, Cloud, Cloud Security, cyber security, Developer, developers, Global Security News, Google, google cloud, M&A, Mergers and Acquisitions, Microsoft, multicloud, Security, wiz
Google Acquires Startup Wiz for $32B to Make ‘Cybersecurity More Accessible And Simpler’
Google’s agreement to buy cloud security startup Wiz will face antitrust scrutiny amid Alphabet’s ongoing legal battles.
Global Security News, Security
Western Alliance Bank notifies 21,899 customers of data breach
Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor’s secure file transfer software was breached. […]
AI, Enterprise, Global IT News, Global Security News, Google, Security, wiz
Here’s why Google pitched its $32B Wiz acquisition as ‘multicloud’
Tuesday’s big news that Google is acquiring security startup Wiz for a record-breaking $32 billion comes with a very big qualifier. Google says it will position Wiz as a “multicloud” offering, meaning Wiz will not be a Google-only shop. The reality is that Google had no choice but to do this, and a closer look…
Global Security News, Google, Mobile, Security
Malicious Android ‘Vapor’ apps on Google Play installed 60 million times
Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. […]
Asia Pacific, Global Security News, Microsoft, Security
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. […]
Global Security News, Security
Google to purchase Wiz for $32 billion in cloud security play
Google has announced it entered into a definitive agreement to acquire Wiz, a leading cloud security platform, for $32 billion in an all-cash transaction. […]
CISA, Cybersecurity, doge, Global IT News, Global Security News, Layoffs, Security, us government
CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’
Federal court rules U.S. cybersecurity agency must re-hire over 100 former employees © 2024 TechCrunch. All rights reserved. For personal use only.
Global Security News, Security
Critical AMI MegaRAC bug can let attackers hijack, brick servers
A new critical severity vulnerability found in American Megatrends International’s MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers. […]
Emerging Tech, Global Security News, Security
New research reveals security’s biggest AI challenges – and two potential solutions
A new survey of security leaders has revealed a stark contrast between AI expectations and realities – while enthusiasm for AI’s potential runs high, teams are grappling with significant challenges in implementation demonstrating ROI, and realizing tangible business impact. Sponsored by Tines and AWS, IDC’s Voice of Security 2025 white paper features survey data from…
CryptoCurrency, Gaming, Global Security News, Security
Blockchain gaming platform WEMIX hacked to steal $6.1 million
Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. […]
Cloud Security, Global Security News, Security
Dashlane Review 2025: Features, Pricing, and Security
Dashlane’s zero-knowledge encryption and intuitive user interface make it a compelling password manager. Read our full Dashlane review to learn more.
Alphabet, Cloud Security, Enterprise, Global IT News, Global Security News, Google, Security, wiz
Google is buying Wiz for $32B to beef up in cloud security, sources say
Google is making the biggest acquisition in its history. The company’s parent company Alphabet is acquiring Wiz, the cloud security startup, for $32 billion, our sources say. The deal will still need regulatory and other approvals before closing. From what we can see, Google and Wiz have yet to confirm anything official. Other outlets are…
Alphabet, Enterprise, Global IT News, Global Security News, Google, Government & Policy, Mergers and Acquisitions, Security, Startups, wiz
Google revives talks to acquire Wiz at higher valuation
Google’s parent company Alphabet is again in advanced talks to acquire cloud cybersecurity startup Wiz, a person familiar with the deal told TechCrunch. The two companies were close to securing a deal at a $23 billion valuation last summer, but the transaction failed to materialize. This time, the price being discussed is higher, the person…
Android, Apple, Cybersecurity, encryption, end-to-end encryption, Global Security News, Google, iPhone, Mobile Security, Mobility, Security
iPhone-Android: A Major Privacy Upgrade is Coming Soon
This breakthrough will finally allow secure, encrypted messaging between different mobile platforms.
Big Data, Cybersecurity, Global Security News, International, phishing, Ransomware, ransomware as a service, Security
Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware
Medusa ransomware now operates as a RaaS model, recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide.
Global Security News, Security
BlackLock ransomware claims nearly 50 attacks in two months
A ransomware-as-a-service (RaaS) operation called ‘BlackLock’ has emerged as one of the more active ransomware operations of 2025. […]
Global Security News, Security
Telegram CEO leaves France temporarily as criminal probe continues
French authorities have allowed Pavel Durov, Telegram’s CEO and founder, to temporarily leave the country while criminal activity on the messaging platform is still under investigation. […]
CryptoCurrency, Global Security News, Microsoft, Security
Microsoft: New RAT malware used for crypto theft, reconnaissance
Microsoft has discovered a new remote access trojan (RAT) that employs “sophisticated techniques” to avoid detection, ensure persistence, and extract sensitive information data. […]
CryptoCurrency, Global Security News, Security
OKX suspends DEX aggregator after Lazarus hackers try to launder funds
OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. […]
Cybersecurity, Global IT News, Global Security News, In Brief, Justice Department, sabotage, Security
Texas man faces prison for activating ‘kill switch’ on former employer’s network
Software developer Davis Lu was found guilty of sabotaging the company’s systems. © 2024 TechCrunch. All rights reserved. For personal use only.
AI, Amazon, Artificial Intelligence, Big Data, Cloud, Cloud Security, data centers, Global Security News, privacy, Security, storage
Amazon’s Controversial Change to Echo’s Privacy Settings Takes Effect Soon
Amazon is mandating cloud-based processing for Echo voice commands, removing local storage and disabling Alexa’s voice ID to expand its generative AI capabilities.
Cybersecurity, Fortinet, Global IT News, Global Security News, Ransomware, Security, vulnerability
Hackers are exploiting Fortinet firewall bugs to plant ransomware
Security researchers say that a threat actor it calls Mora_001 has ‘close ties’ to the Russia-linked hacking group © 2024 TechCrunch. All rights reserved. For personal use only.
Global Security News, Security
Supply chain attack on popular GitHub Action exposes CI/CD secrets
A supply chain attack on the widely used ‘tj-actions/changed-files’ GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. […]
Cybersecurity, Department of Government Efficiency, Global IT News, Global Security News, Government & Policy, privacy, Security, U.S. Treasury
DOGE staffer violated Treasury rules by emailing unencrypted personal data
Marko Elez emailed a spreadsheet containing personal information to two Trump administration officials. © 2024 TechCrunch. All rights reserved. For personal use only.
AI, Global IT News, Global Security News, Media & Entertainment, Security, Startups, TC, TC Sessions: AI, TechCrunch Sessions: AI
Vote for the session you want to see at TechCrunch Sessions: AI
We’ve been blown away by the overwhelming response to speak at TechCrunch Sessions: AI on June 5 in Zellerbach Hall at UC Berkeley. After thorough consideration, we’ve selected six standout finalists. The power to choose who will take the stage and share their AI expertise with 1,200 AI leaders and enthusiasts is now in your…
Exploits, Global Security News, Security
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. […]
Cloud Security, Global Security News, nordpass, password manager, Security, Technology
NordPass vs Bitwarden: Which Is Safer and Easier to Use in 2025?
Which is better, NordPass or Bitwarden? This guide provides a detailed comparison of their features, security and pricing to help you choose your best fit.
Cloud Security, Global Security News, nordpass, password manager, Security, Technology
NordPass vs Bitwarden: Which Is Safer and Easier to Use in 2025?
Which is better, NordPass or Bitwarden? This guide provides a detailed comparison of their features, security and pricing to help you choose your best fit.
business, channel, Global Security News, Security, services
IRONSCALES New VP on Bringing Next-Gen Solution to More MSPs
Security vendor IRONSCALES recently appointed Brian Thomas as its new VP of global MSP sales. Thomas shared his priorities for growth in the MSP ecosystem and his insights on how IRONSCALES offers a differentiated security product with Channel Insider. Scaling the IRONSCALES partner network to new heights Thomas has over a decade of experience leading…
Global IT News, Global Security News, Government & Policy, Security
UK’s internet watchdog puts storage and file-sharing services on watch over CSAM
As duties under the U.K.’s Online Safety Act (OSA) related to tackling illegal content came into force Monday, the internet watchdog, Ofcom, said it has launched a new enforcement program focused on online storage and file-sharing services. The regulator said its evidence shows that file-sharing and file-storage services are “particularly susceptible” to being used for…
eu digital autonomy, eu digital infrastructure, euro stack, Europe, Global Security News, Government & Policy, Security
European tech industry coalition calls for ‘radical action’ on digital sovereignty — starting with buying local
A broad coalition drawn from across the ranks of Europe’s tech industry is calling for “radical action” from European Union lawmakers to shrink reliance on foreign-owned digital infrastructure and services to bolster the bloc’s economic prospects, resilience, and security in increasingly fraught geopolitical times. In an open letter to European Commission president, Ursula von der…
AI, Application Security, CISO Suite, cyber security, cyber threat, Cybersecurity, Data Privacy, Data Security, Digital Privacy, Episodes, Global Security News, Governance, Risk & Compliance, Information Security, infosec, IT Security Collaboration, Managing Cybersecurity Data, penetration testing, PlexTrac, Podcast, Podcasts, privacy, purple teaming, Red Teaming, Risk Management, risk scoring, Security, security best practices, Security Bloggers Network, Social Engineering, Technology, Threat Intelligence, vulnerability remediation, Weekly Edition
Tackling Data Overload: Strategies for Effective Vulnerability Remediation
In part one of our three part series with PlexTrac, we address the challenges of data overload in vulnerability remediation. Tom hosts Dahvid Schloss, co-founder and course creator at Emulated Criminals, and Dan DeCloss, CTO and founder of PlexTrac. They share their expertise on the key data and workflow hurdles that security teams face today.…
Global Security News, Security
Fake “Security Alert” issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake “Security Alert” issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. […]
Global Security News, Security
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. […]
Global Security News, Security
New Akira ransomware decryptor cracks encryptions keys using GPUs
Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free. […]
Global Security News, Security
Coinbase phishing email tricks users with fake wallet migration
A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. […]
Apple, cyber security, Global Security News, iOS, Mobility, Security, update, vulnerabilities
Update Your iPhone Now to Fix Safari Security Flaw
The vulnerability allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device.
AI, Artificial Intelligence, Big Data, cisco, Cybersecurity, Digital Transformation, EU, Europe, Global Security News, International, Security, Tech & Work, tech skills, tech skills gap, tech training
Will Cisco’s Free Tech Training for 1.5M People Help Close EU’s Skills Gap?
Cisco’s training through its Networking Academy will help “build a resilient and skilled workforce ready to meet Europe’s digital transformation and AI objectives.”
Apple, Big Data, Cloud, Cloud Security, Data Privacy, Global Security News, Government, iCloud, International, privacy, Security, tribunal, Trump, uk, United Kingdom, us, usa
Apple Fights UK Over Encryption Backdoors as US Officials Warn of Privacy Violations
The British side reportedly said they would have to produce warrants for each individual data access request, so they will always have to be made as part of an investigation into serious crime.
Cybersecurity, Global IT News, Global Security News, National Security Agency, Security, us government, wiretapping
AT&T technician Mark Klein, who exposed secret NSA spying, dies
Klein, a former AT&T technician turned whistleblower, exposed mass surveillance by the U.S. government in 2006. © 2024 TechCrunch. All rights reserved. For personal use only.
Global Security News, Security
Ransomware gang creates tool to automate VPN brute-force attacks
The Black Basta ransomware operation created an automated brute-forcing framework dubbed ‘BRUTED’ to breach edge networking devices like firewalls and VPNs. […]
Global Security News, Security
Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. […]
Cloud, Cloud Security, Cybersecurity, finops, Global Security News, Security, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X
Savings and Security: The Dual Benefits of FinOps and the Cloud
Organizations can adopt FinOps, a cloud financial management practice promoting shared accountability among engineering, finance and operations teams to balance innovation, security and cost efficiency. The post Savings and Security: The Dual Benefits of FinOps and the Cloud appeared first on Security Boulevard.
Global Security News, Legal, North America, Security
Suspected LockBit ransomware dev extradited to United States
A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges. […]
Cybercrime, Cybersecurity, Global IT News, Global Security News, hacking, In Brief, LockBit, Ransomware, Russia, Security
Accused LockBit ransomware developer extradited to the US
The U.S. Department of Justice announced that Rostislav Panev, who developed code and maintained infrastructure for LockBit, is now in U.S. custody. © 2024 TechCrunch. All rights reserved. For personal use only.
Global Security News, Security
Cybersecurity in Kommunen: Eigeninitiative gefragt
width=”2480″ height=”1395″ sizes=”(max-width: 2480px) 100vw, 2480px”> Deutsche Kommunen erscheinen in Sachen Cybersicherheit eine leichte Beute zu sein. motioncenter – shutterstock.com Das cyberintelligence.institute hat in Zusammenarbeit mit dem Cybersicherheitsunternehmen NordPass in einer Studie die kommunale Cybersicherheit in Deutschland aus juristischer und organisatorischer Sicht analysiert. Demnach befinden sich Städte und Gemeinden in einer Zwickmühle. Auf der einen…
Apple, backdoor, Global IT News, Global Security News, Security
US lawmakers urge UK spy court to hold Apple ‘backdoor’ secret hearing in public
U.S. bipartisan lawmakers say the U.K. order gagging Apple from disclosing the demand is unconstitutional. © 2024 TechCrunch. All rights reserved. For personal use only.
Global Security News, Government & Policy, In Brief, privacy, Security
UK’s secret iCloud backdoor order triggers civil rights challenge
The U.K. government’s secret order to Apple demanding it backdoor the end-to-end encrypted version of its iCloud storage service has now been challenged by two civil rights groups, Liberty and Privacy International, which filed complaints Thursday. They called the order “unacceptable and disproportionate” and warned of “global consequences” as the access order is thought to…
Global Security News, Microsoft, Security
Microsoft apologizes for removing VSCode extensions used by millions
Microsoft has reinstated the ‘Material Theme – Free’ and ‘Material Theme Icons – Free’ extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn’t actually malicious. […]
Exploits, Global Security News, Security
New SuperBlack ransomware exploits Fortinet auth bypass flaws
A new ransomware operator named ‘Mora_001’ is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. […]
Amazon, AWS, Exclusive, Global IT News, Global Security News, Security, Spyware, stalkerware
Amazon is still hosting stalkerware victims’ data weeks after breach alert
Amazon won’t say if it will stop hosting data from three phone surveillance operations that spilled private data on millions of people. © 2024 TechCrunch. All rights reserved. For personal use only.
Apple, Global IT News, Global Security News, iOS, iPad, iPhone, lockdown mode, privacy, Security
Apple’s Lockdown Mode is good for security — but its notifications are baffling
Lockdown Mode is an “extreme protection” feature that’s good for at-risk users, but its notifications are increasingly confusing. © 2024 TechCrunch. All rights reserved. For personal use only.
Exploits, Global Security News, Security
Juniper patches bug that let Chinese cyberspies backdoor routers
Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. […]
Global Security News, Security
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. […]
Global Security News, Security
ClickFix attack delivers infostealers, RATs in fake Booking.com emails
Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. […]
Global Security News, Security
Red Report 2025: Unmasking a 3X Spike in Credential Theft and Debunking the AI Hype
Credential theft surged 3× in a year—but AI-powered malware? More hype than reality. The Red Report 2025 by Picus Labs reveals attackers still rely on proven tactics like stealth & automation to execute the “perfect heist.” […]
Cloud Security, Global Security News, Security, Speedify VPN, VPN
Speedify VPN Review 2025: Features, Security, and Performance
Speedify VPN offers speed-centered features that may not make up for its lacking security features and pricey plan. Find out how this VPN measured up in our review.
business, channel, Exploits, Global Security News, Security, services
CyberArk Report Points to Machine Identity Security Risks
Security vendor CyberArk today released its 2025 State of Machine Identity Security Report. The research, based on a survey of 1,200 security leaders across the USA, UK, Australia, France, Germany and Singapore, shows the growing gap between machine identity creation and appropriate security measures accounting for those identities. CyberArk’s SVP of Innovation Kevin Bocek shared…
estonia, Fundraising, Global IT News, Global Security News, Security, smbs
Estonia-based Blackwall raises €45 million Series B to protect SMBs from malicious online traffic
A huge chunk of online traffic now comes from bots, both good and bad — but AI is boosting the latter. From DDoS attacks to scraping, there’s a renewed barrage of threats that companies have to deal with. According to cybersecurity entrepreneur Nikita Rozenberg, the impact is more severe for SMBs. “The main difference is…
Exploits, Global Security News, Security
Facebook discloses FreeType 2 flaw exploited in attacks
Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. […]
Global Security News, North America, Security
CISA: Medusa ransomware hit over 300 critical infrastructure orgs
CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. […]
Department of Government Efficiency, doge, Elon Musk, evergreens, Global IT News, Global Security News, Government & Policy, Security, SpaceX, Tesla, Trump Administration, us government
The people in Elon Musk’s DOGE universe
Meet the DOGE staffers and senior advisors in Elon Musk’s inner circle, and how they got there. © 2024 TechCrunch. All rights reserved. For personal use only.
Cybersecurity, Exploits, Global Security News, Microsoft, Microsoft Office, remote desktop service, Security, security administration, security patches, Software, windows dns server, windows subsystem for linux
Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days
Microsoft’s March 2025 Patch Tuesday includes six actively exploited zero-day vulnerabilities. Learn about the critical vulnerabilities and why immediate updates are essential.
Global Security News, Google, Mobile, Security
New North Korean Android spyware slips onto Google Play
A new Android spyware named ‘KoSpy’ is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps. […]
Global Security News, Security
Garantex crypto exchange admin arrested while on vacation
Indian authorities arrested Aleksej Besciokov, the co-founder and one of the administrators of the Russian Garantex crypto-exchange while vacationing with his family in Varkala, India. […]
Bitcoin, Crypto, Cybercrime, Exclusive, Garantex, Global IT News, Global Security News, India, money laundering, Russia, Security, tether
Garantex administrator arrested in India under extradition law
Garantex co-founder Aleksej Besciokov was arrested in India’s Kerala on Tuesday under the country’s extradition law. © 2024 TechCrunch. All rights reserved. For personal use only.
Global Security News, Security, Software
Mozilla warns users to update Firefox before certificate expires
Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company’s root certificates. […]
Exploits, Global Security News, Microsoft, Security
Microsoft patches Windows Kernel zero-day exploited since 2023
Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. […]
Global Security News, Security
Browser-Based Data Leaks: 3 Biggest Data Security Challenges Today
Traditional Data Loss Prevention (DLP) solutions weren’t built for today’s browser-driven workplace. Now sensitive data moves moves through SaaS apps, AI tools, and personal accounts, bypassing legacy security controls. Learn from Keep Aware how real-time browser security can stop data leaks before they happen. […]
Global Security News, Security
Chinese cyberspies backdoor Juniper routers for stealthy access
Chinese hackers are deploying custom backdoors on Juniper Networks Junos OS MX routers that have reached end-of-life (EoL) and no longer receive security updates. […]
AI, Fundraising, Global IT News, Global Security News, pen testing, pentera, Security
Pentera nabs $60M at a $1B+ valuation to build simulated network attacks to train security teams
Strong and smart security operations teams are at the heart of any cybersecurity strategy, and today a startup that builds tooling to help keep them on their toes is announcing some funding on the back of a lot of growth. Pentera — which has built a system that launches simulations of network attacks to stress…
Global Security News, Security
Unternehmen ertrinken in Software-Schwachstellen
srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?quality=50&strip=all 12500w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=768%2C432&quality=50&strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=1024%2C576&quality=50&strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=1536%2C864&quality=50&strip=all 1536w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=1240%2C697&quality=50&strip=all 1240w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=150%2C84&quality=50&strip=all 150w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=854%2C480&quality=50&strip=all 854w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=640%2C360&quality=50&strip=all 640w, https://b2b-contenthub.com/wp-content/uploads/2025/03/shutterstock_2555209523.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Die durchschnittliche Behebungszeit für Sicherheitslücken ist in den vergangenen fünf Jahren deutlich gestiegen. afry_harvy – Shutterstock.com Laut dem aktuellen State of Software Security Report von Veracode ist die…
Android, Exclusive, Global IT News, Global Security News, Google, Google Play, Lookout, malware, Security, Spyware, TC
North Korean government hackers snuck spyware on Android app store
Cybersecurity firm Lookout found several samples of a North Korean spyware it calls KoSpy. © 2024 TechCrunch. All rights reserved. For personal use only.
Global IT News, Global Security News, Hunters International, India, Ransomware, Security, Tata Technologies
Tata Technologies’ data leaked by ransomware gang
A ransomware gang has leaked internal Tata Technologies data, a month after the company confirmed a ransomware attack. © 2024 TechCrunch. All rights reserved. For personal use only.
CryptoCurrency, Global Security News, Security
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. […]
Apple, Global IT News, Global Security News, iOS, macOS, Security, TC, VisionOS, zero days
Apple fixes new security flaw used in ‘extremely sophisticated attack’
The flaw was in the browser engine WebKit, used by Safari and other apps. © 2024 TechCrunch. All rights reserved. For personal use only.
CISA, Cybersecurity, doge, Exclusive, Global IT News, Global Security News, Layoffs, scoop, Security, us government
DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts
Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning © 2024 TechCrunch. All rights reserved. For personal use only.
Apple, Exploits, Global Security News, Security
Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
Apple has released emergency security updates to patch a zero-day bug the company describes as exploited in “extremely sophisticated” attacks. […]
Exploits, Global Security News, Microsoft, Security
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Today is Microsoft’s March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. […]
CryptoCurrency, Global Security News, Security
MassJacker malware uses 778,000 wallets to steal cryptocurrency
A newly discovered clipboard hijacking operation dubbed ‘MassJacker’ uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. […]
FTC, Global IT News, Global Security News, Scam, Security
FTC says Americans lost $12.5B to scams last year — social media, AI, and crypto didn’t help
You’re not the only one getting voicemails about your car’s extended warranty. According to the U.S. Federal Trade Commission (FTC), about 2.6 million people submitted reports on falling victim to fraud in 2024, totaling $12.5 billion in losses. That’s a big jump from $2.5 billion lost in 2023, when the FTC received roughly the same…
CISA, Global IT News, Global Security News, In Brief, Sean Plankey, Security, us government
Trump nominates Sean Plankey as new CISA director
Plankey, if approved by the Senate, will serve as CISA’s third director. © 2024 TechCrunch. All rights reserved. For personal use only.
Exploits, Global Security News, Security
Critical PHP RCE vulnerability mass exploited in new attacks
Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. […]
Global Security News, Security
The AI race: Dark AI is in the lead, but good AI is catching up
Cybercriminals are using AI for help in planning and conducting cyberattacks—but cybersecurity vendors are fighting back. Learn from Acronis Threat Research Unit about how AI-powered security solutions are closing the gap in the battle against AI-driven cyber threats. […]
education, Global Security News, Security
PowerSchool previously hacked in August, months before data breach
PowerSchool has published a long-awaited CrowdStrike investigation into its massive December 2024 data breach, which determined that the company was previously hacked over 4 months earlier, in August, and then again in September. […]
Exploits, Global Security News, Security
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. […]
Cloud Security, Global Security News, nordpass, password manager, Security, Technology
How to Use NordPass: A Step-by-Step Guide
Learn how to set up and use NordPass to store and manage your passwords with this step-by-step guide.
Cloud Security, Global Security News, nordpass, password manager, Security, Technology
How to Use NordPass: A Step-by-Step Guide
Learn how to set up and use NordPass to store and manage your passwords with this step-by-step guide.
AI, Cybersecurity, Enterprise, Fundraising, Global IT News, Global Security News, low-code, no-code, Palo Alto Networks, Security, Sola, sola security
Sola emerges from stealth with $30M to build the ‘Stripe for security’
Enterprises these days can choose from hundreds of apps and services available to secure their networks, data and assets — nearly as many more to help them manage all the alerts and extra work that those security apps generate. But what if you could build your own apps, customised to your own workloads, to simplify…
engineering capital, Exclusive, Global IT News, Global Security News, Hawcx, India, Security, Startups
Some say passkeys are clunky — this startup wants to change that
Hawcx, backed by Engineering Capital, aims to solve passkeys’ adoption challenge with its new tech. © 2024 TechCrunch. All rights reserved. For personal use only.