Google strengthens secure enterprise access from BYOD Android devices

Google has introduced Device Trust from Android Enterprise, a new solution for making sure that private Android devices used for work are secure enough to access corporate resources and data. Device Trust from Android Enterprise (Source: Google) What i…

Patch Tuesday: Microsoft fixes 5 actively exploited zero-days

On May 2025 Patch Tuesday, Microsoft released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws Among …

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)

Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident response team revealed on Tuesday. About CVE-202…

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)

Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti confirmed on Tuesday, and urged customers to install…

Law enforcement takes down proxy botnets used by criminals

US and Dutch law enforcement, with the help of Lumen researchers, have disrupted 5socks and Anyproxy, two proxy-for-rent services that were used by criminals for ad fraud and DDoS and brute-force attacks (among other things). The domain seizure notice …

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors

A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from t…

Fake AI platforms deliver malware disguised as video content

A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an unusual twist, the threat actors are not disguising the malware as legitimate …

LockBit hacked: What does the leaked data show?

The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing leaked data relating to the group’s operations: The defaced dark web affiliate p…

The many variants of the ClickFix social engineering tactic

As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are trying to refine the two main elements: the lure and the “instruction”…

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have a…