Microsoft primes 71 fixes for May Patch Tuesday
Five issues actively exploited in the wild, but the real excitement may have been handled in advance
Similar Posts
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Bys sGoogle on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine. “Out…
Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
Bys sJessica Lyons reports: A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. The leaks include thousands of chat logs, personal videos, and ransom negotiations tied to some of the most notorious cyber-extortion gangs —believed to have raked in…
US Issues Final Rule for Protecting Personal Data Against Foreign Adversaries
The DoJ has issued a final rule addressing adversaries’ access to and exploitation of Americans’ bulk sensitive personal information. The post US Issues Final Rule for Protecting Personal Data Against Foreign Adversaries appeared first on SecurityWeek.
Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages
Bys sThe April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a “single combined cyber event.” That’s according to an assessment from the Cyber Monitoring Centre (CMC), a U.K.-based independent, non-profit body set up by the insurance industry to categorize major cyber events. “Given that one threat actor claimed…
Two ransomware groups claimed they attacked Rutherford County Schools. One leaked sensitive records.
Bys sFrom the “Wait-What-Happened-Here Dept:” On October 19, the Black Suit ransomware group announced that they had attacked Rutherford County Schools in Tennessee. Their listing, posted on their dark web site, included what appears to be an indication of what data and how much data they were able to exfiltrate. It did not indicate whether they…
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Bys sCybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the extension “susvsex,” said it does not attempt to hide its malicious functionality. The extension was…