Collaborate Disseminate
The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s still impossible to say whether they were mount… Continue reading Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)
Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which (CVE-2025-0282) has been exploited as a zero-day by attackers to compromise Connect Secure VPN appliances. About CVE-2025-0282 and CVE-20… Continue reading Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)
The White House has announced the launch of the U.S. Cyber Trust Mark, a voluntary cybersecurity labeling program for consumer-grade internet-connected devices. “The White House launched this bipartisan effort to educate American consumers and gi… Continue reading The U.S. Cyber Trust Mark set to launch
The White House has announced the launch of the U.S. Cyber Trust Mark, a voluntary cybersecurity labeling program for consumer-grade internet-connected devices. “The White House launched this bipartisan effort to educate American consumers and gi… Continue reading The U.S. Cyber Trust Mark set to launch
CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The Mitel MiCollab vulnerabilities exploited Mitel MiCollab is a popular ent… Continue reading Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
The United Nation’s International Civil Aviation Organization (ICAO) confirmed on Monday that it’s “actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting int… Continue reading UN aviation agency investigating possible data breach
The US Cybersecurity and Infrastructure Security Agency (CISA) has shared on Monday that the Treasury Department was the only US federal agency affected by the recent cybersecurity incident involving compromised BeyondTrust Remote Support SaaS instance… Continue reading CISA says Treasury was the only US agency breached via BeyondTrust
The US Department of Justice has unsealed charges against Rostislav Panev, 51, a dual Russian and Israeli national, suspected of being a developer for the LockBit ransomware group. Panev was arrested in August 2024 and is currently in custody in Israel… Continue reading US charges suspected LockBit ransomware developer
In the wake of the widespread compromise of US telecom giants’ networks by Chinese hackers and the FBI advising Americans to use end-to-end encrypted communications, CISA is advising “highly targeted individuals” – senior govern… Continue reading CISA: Use Signal or other secure communications app
A 30-year old Romanian man was sentenced to 20 years in prison for leveraging the Netwalker ransomware to extort money from victims, the US Department of Justice announced on Thursday. Daniel Christian Hulea, of Jucu de Mijloc, Cluj, Romania, was arres… Continue reading Another NetWalker affiliate sentenced to 20 years in prison