A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers com… Continue reading A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation

Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to chain of attacks against a BeyondTrust Remote Support product.
The post Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation appeared first on SecurityWeek.
Continue reading Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. Continue reading Microsoft Patch Tuesday, February 2025 Edition

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. Continue reading Microsoft Patch Tuesday, February 2025 Edition

Ransomware payments plummet as more victims refuse to pay

Chainalysis’ latest report on how the ransomware landscape changed from 2023 to 2024 shows a promising trend: An increasing number of victims refuses to pay the ransom. The total volume of ransom payments decreased year-over-year by approximately… Continue reading Ransomware payments plummet as more victims refuse to pay

Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Continue reading Microsoft: Happy 2025. Here’s 161 Security Updates

Ransomware in 2024: New players, bigger payouts, and smarter tactics

In 2024, ransomware remained the top cybersecurity threat to organizations worldwide. New groups filled the void left by law enforcement crackdowns, targeting businesses with record-breaking ransom demands and sophisticated tactics. In this article, yo… Continue reading Ransomware in 2024: New players, bigger payouts, and smarter tactics

Clop is back to wreak havoc via vulnerable file-transfer software

In what we can assure you is a new cybersecurity incident despite sounding incredibly similar to incidents of past notoriety: threat actors tied to a notorious ransomware and extortion group have exploited file-transfer software to carry out attacks.  Clop has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT […]

The post Clop is back to wreak havoc via vulnerable file-transfer software appeared first on CyberScoop.

Continue reading Clop is back to wreak havoc via vulnerable file-transfer software

Cleo patches zero-day exploited by ransomware gang

Cleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-facing Cleo Harmony, VLTrader, and LexiCom instances. Version 5.8.0.24 of the three products, which was pu… Continue reading Cleo patches zero-day exploited by ransomware gang