Author: Declan Murphy

Microsoft’s June Patch Tuesday update has landed, bringing security fixes for 66 vulnerabilities across its product line. Among the patched flaws is one that was already being exploited in real-world attacks, making this month’s updates especially important for both enterprises and individual users. One Zero-Day Actively Exploited The standout fix addresses CVE-2025-33053, a vulnerability in the WebDAV component of Windows. This flaw could allow attackers to execute code remotely if exploited successfully. Because it was already being used in attacks before today’s patch release, it falls into the “zero-day” category. The WebDAV vulnerability affects…


Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM). Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23. “Successful


A critical zero-day vulnerability in Microsoft Windows, designated CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group Stealth Falcon. The flaw, enabling remote code execution (RCE) through manipulation of a system’s working directory, was addressed by Microsoft in its June 2025 Patch Tuesday updates following CPR’s responsible disclosure. Below is a technical breakdown of the attack and its implications. Discovery and Exploitation of CVE-2025-33053 In March 2025, CPR identified an attempted cyberattack targeting a Turkish defense company. The attack leveraged a malicious .url file, likely delivered via spear-phishing emails, to…


Available to the public and debuting at the Gartner Security & Risk Management Summit, BrowserWhole is a first of its kind browser security assessment tool conducting more than 120 tests to provide posture standing, emerging threat insights, URL analysis, extension risks, and more. Seraphic Security, a leader in enterprise browser security, today announced the launch of BrowserWhole, a unique and proprietary public service enabling enterprises to assess their browser security posture in real-time. The launch coincides with the Gartner Security & Risk Management Summit 2025, where Seraphic will be showcasing the new platform with live demos…


Philadelphia-based cybersecurity firm HostBreach is offering a free CMMC Cyber Snapshot to businesses looking to maintain CMMC compliance. Specifically, this refers to government contractors (GovCon) and federal contractors, to enable them to organise their cybersecurity posture pending the Cybersecurity Maturity Model Certification (CMMC) 2.0 standards. This free offer comes at the right time, with the Department of Defense (DoD) imposing stricter cybersecurity requirements to protect Controlled Unclassified Information (CUI) on contractor systems. What’s CMMC Compliance? CMMC (Cybersecurity Maturity Model Certification) compliance is a U.S. Department of Defense (DoD) requirement that ensures contractors protect Controlled Unclassified Information (CUI) on their systems. It establishes…


Security researchers have identified two npm packages that do far more than they claim. Disguised as utilities for system monitoring and data syncing, these packages introduce damaging backdoors that can remotely wipe out all data in a developer’s application, on demand. Socket’s Threat Research Team uncovered the malicious packages, express-api-sync and system-health-sync-api, both published under the npm account “botsailer.” While the names suggest harmless functionality, the underlying code tells a much darker story. A Harmful Disguise According to the company’s technical report shared with Hackread.com, the express-api-sync package presents itself as a simple tool for syncing databases. But…


The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. “The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors,” SentinelOne security researchers Aleksandar


SentinelLABS has detailed a sophisticated reconnaissance operation targeting SentinelOne, a leading cybersecurity vendor, as part of a broader espionage campaign linked to China-nexus threat actors. Tracked under the activity clusters PurpleHaze and ShadowPad, these operations spanned from July 2024 to March 2025, affecting over 70 organizations worldwide across sectors like government, media, manufacturing, finance, and telecommunications. ShadowPad activity, June 2024 – March 2025 Persistent Threats from China-Nexus Actors Uncovered The report sheds light on a rarely discussed aspect of cyber threats: the deliberate targeting of cybersecurity vendors, who are high-value targets because of their…


Dutch and Iranian security researchers have created an automated genAI tool that can scan huge open source repositories and patch vulnerable code that could compromise applications. Tested by scanning GitHub for a particular path traversal vulnerability in Node.js projects that’s been around since 2010, the tool identified 1,756 vulnerable projects, some described as “very influential,” and led to 63 projects being patched so far. The tool opens the possibility for genAI platforms like ChatGPT to automatically create and distribute patches in code repositories, dramatically increasing the security of open source applications. But the research, described in a recently…


Tel Aviv, Israel, June 9th, 2025, CyberNewsWire. Available to the public and debuting at the Gartner Security & Risk Management Summit, BrowserWhole is a first of its kind browser security assessment tool conducting more than 120 checks to provide posture standing, emerging threat insights, URL analysis, extension risks, and more. Seraphic Security, a frontrunner in enterprise browser security, today announced the launch of BrowserWhole, a unique and proprietary public service enabling enterprises to assess their browser security posture in real-time. The launch coincides with the Gartner Security & Risk Management Summit 2025, where Seraphic will be showcasing…
