Aggregator

Senator Maggie Hassan (D-NH) asked Mullin about Noem’s decision to cut CISA’s workforce by one third and remove hundreds of millions of dollars from the agency’s budget after Trump took office.

Previous clandestine community assessments have documented, at least at a high level, attempts by Iran, Russia or China to sway voters with online propaganda or through cyber operations.

An active campaign by the Interlock ransomware group is exploiting a critical zero-day vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) Software. Cisco disclosed the flaw on March 4, 2026; it allows unauthenticated remote attackers to execute arbitrary Java code as root. Amazon threat intelligence researchers discovered Interlock exploiting this vulnerability 36 days before […]

The post Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware appeared first on Cyber Security News.

Researchers detail “Claudy Day” flaws in Claude AI that could enable data theft using fake Google Ads, hidden…

A sophisticated full-chain iOS exploit kit dubbed DarkSword, actively deployed by multiple commercial surveillance vendors and state-sponsored threat actors since at least November 2025 to steal sensitive personal data from iPhone users across four countries. DarkSword is a full-chain iOS exploit that chains six distinct vulnerabilities, four of which were leveraged as zero-days, to achieve complete […]

The post New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data appeared first on Cyber Security News.

Why do so many SOCs still struggle to move quickly even with strong detection tools in place? In many cases, the real bottleneck is Tier 1 triage. When alerts take too long to validate, resources are wasted on noise, senior teams get pulled into low-value cases, and real incidents take longer to confirm.  By giving Tier […]

The post The High Cost of Slow Triage: How to Make Tier 1 the Fastest Layer in Your SOC  appeared first on Cyber Security News.

The company, which provides software that allows financial institutions to communicate with customers, previously warned in November that at least 74 banks, credit unions and financial institutions were impacted by a data breach.

These are the top threats you should know about this week.

Свежий отчёт Google Threat Intelligence Group о нелегкой судьбе современного фрода.

A vulnerability classified as critical was found in Mura up to 10.1.13. Impacted is the function getQuery of the file beanFeed.cfc. Such manipulation of the argument sortDirection leads to sql injection. This vulnerability is traded as CVE-2025-67829. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in saadiqbal Post SMTP Plugin up to 3.8.0 on WordPress. This issue affects some unknown processing. This manipulation of the argument event_type causes cross site scripting. This vulnerability appears as CVE-2026-3090. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as problematic has been identified in MuraCMS up to 10.1.10. This vulnerability affects unknown code of the file csettings.cfc. The manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2025-55043. The attack can be launched remotely. No exploit exists.

A vulnerability marked as problematic has been reported in MuraCMS up to 10.1.10. This affects the function getUserManager of the file cUsers.cfc of the component User Management Handler. The manipulation of the argument groupId leads to cross-site request forgery. This vulnerability is documented as CVE-2025-55041. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in MuraCMS up to 10.1.10. Affected by this issue is some unknown functionality of the component Trash System. Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2025-55046. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in MuraCMS up to 10.1.10. Affected by this vulnerability is an unknown functionality of the component Trash Restore. Performing a manipulation of the argument parentid results in cross-site request forgery. This vulnerability is cataloged as CVE-2025-55044. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as problematic has been discovered in MuraCMS up to 10.1.10. Affected is an unknown function of the component Import Form. Such manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2025-55040. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in MuraCMS up to 10.1.10. It has been rated as problematic. This impacts an unknown function of the component Update Address. This manipulation causes cross-site request forgery. This vulnerability is tracked as CVE-2025-55045. The attack is possible to be carried out remotely. No exploit exists.