ENISA: Software vulnerability prevention initiatives

Not all authentication is equal to the task in 2025, but there is a best choice within reach

A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). “The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai security researcher…

American Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach. The post American Addiction Centers Data Breach Impacts 422,000 People appeared first on SecurityWeek.

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync…

The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.” “The group’s interest in Ukraine…

Sergiu Gatlan reported yesterday: Fashion giant Victoria’s Secret has taken down its website and some store services because of an ongoing security incident. Victoria’s Secret manages approximately 1,380 retail stores in nearly 70 countries and reported an annual revenue of $6.23 billion for the fiscal year ending February 1, 2025. The company says in a…