RansomwareAkira ransomware decryption method uses GPUs to brute force keysLaura FrenchMarch 17, 2025Source code for the decryption method was published by programmer Yohanes Nugroho.
Vulnerability ManagementApache Tomcat flaw actively exploited; could allow ‘devastating’ RCEShaun NicholsMarch 17, 2025Remote code execution may be achieved on vulnerable servers with a single PUT API request.
Cloud SecurityMicrosoft 365 environments exploited in business email attacksSteve ZurierMarch 17, 2025The BEC attacks rely on phishing lures that let the bad actors operate entirely within the Microsoft 365 ecosystem.
AI/MLMicrosoft Dragon Copilot: Just what the doctor ordered?Stephen WeigandMarch 17, 2025Microsoft’s prescription for doctor burnout and fatigue is an AI assistant.
IdentityGitLab fixes critical SSO bypass vulnerabilities in updateShaun NicholsMarch 14, 2025The signature verification for the SSO system could be bypassed by using a specially crafted XML input.
Application securityMicrosoft restores VS Code theme flagged as malicious: We messed upLaura FrenchMarch 14, 2025The theme had millions of installations before it was removed in late February.
AI/MLOpenAI’s Operator AI agent can be used in phishing attacks, say researchersSteve ZurierMarch 14, 2025Researchers prove how attackers can use the added functionality in AI agents to launch phishing attacks.
RansomwareNew Lockbit-linked ransomware group targets Fortinet vulnerabilitiesLaura FrenchMarch 13, 2025The “SuperBlack” ransomware leverages the LockBit 3.0 builder with a custom encryption tool.
Vulnerability Management‘ClickFix’ campaign targets hospitality firms with phishing attacksShaun NicholsMarch 13, 2025A novel twist on social engineering attacks is causing havoc for hospitality providers
AI/MLResearchers use jailbreak to build functional malware via DeepSeekSteve ZurierMarch 13, 2025Tenable researchers jailbreak DeepSeek to build a keylogger and ransomware.