Sophos Acquires Secureworks
Transforming the future, together
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. “The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations,…
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. “A malicious user with network access may be able to use specially crafted…
Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData Web API Filter, while the third vulnerability…
In the second of a two-part series on tools and frameworks designed to help with remediation prioritization, we explore some alternatives to CVSS
There are always a ton of articles at the end of every year recapping what went wrong. Over on TechCrunch, Zack Whittaker and Carly Page have their annual list of breaches handled poorly. This year’s list includes 23andMe, Change Healthcare, Synnovis, Snowflake, Columbus Ohio, Salt Typhoon, Moneygram, and HotTopic. DataBreaches generally agrees with their recap,…
The Mirai-based Murdoc botnet has been actively targeting Avtech and Huawei devices for roughly half a year. The post Murdoc Botnet Ensnaring Avtech, Huawei Devices appeared first on SecurityWeek.