Industrial-strength April Patch Tuesday covers 135 CVEs
One actively exploited issue patched; five Critical-severity Office vulns exploitable via Preview Pane
Similar Posts
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
Bys sThe Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning “organization” in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate…
Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData Web API Filter, while the third vulnerability…
Dutch police identify users on Cracked.io
Bys sExcerpts from a press release today by the Dutch Police after several investigations by the Cybercrime Team of the Zeeland-West-Brabant unit revealed that suspects had an account on the Cracked.io platform. Dutch police, in collaboration with other countries involved in Europol, were able to secure and take down servers and identify individual users. Ultimately, 126 individual…
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Bys sIdentity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small
Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
Bys sResecurity reports: Today (June 22, 2025) — the threat actors associated with the “Cyber Fattah” movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom. The stolen data has been leaked in the form of SQL dumps – the actors gained unauthorized access to phpMyAdmin…
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
Bys sThe French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of