Aggregator
Okta extends identity security fabric to non-human identities
Okta announced new Okta Platform capabilities to help businesses secure AI agents and other non-human identities with the same level of visibility, control, governance, and automation as human ones. The Okta Platform will now bring a unified, end-to-end identity security fabric to organizations for managing and securing all types of identities across their ecosystem, from AI agents to API keys to employees. The number of non-human identities is set to grow exponentially, with Deloitte forecasting …
The post Okta extends identity security fabric to non-human identities appeared first on Help Net Security.
The search for dark matter is called off: a simple theory explains 95% of interstellar "emptiness"
The US Treasury’s OCC disclosed an undetected major email breach for over a year
FreeBuf Morning Report | Several large pension funds hacked; CISA warns of CentreStack hard-coded vulnerability
Gmail End-to-End Email Encryption Explained: A Guide for Enterprise Users
Google is rolling out end-to-end encrypted (E2EE) email for Gmail enterprise users using Client-Side Encryption (CSE).
The post Gmail End-to-End Email Encryption Explained: A Guide for Enterprise Users appeared first on Security Boulevard.
Why biometrics is the biggest scam of the 21st century
Akamai boosts WAF protections across multiple environments
Akamai introduced App & API Protector Hybrid. Users can now expand the critical web application firewall (WAF) capabilities of Akamai’s web application and API protection (WAAP) while consistently securing applications and APIs for multicloud, on-premises, and CDN-agnostic environments. Security leaders are increasingly tasked with protecting dispersed applications while balancing efficiency, visibility, and cost-effectiveness. With this in mind, organizations can use App & API Protector Hybrid to: Standardize WAF protections across multiple environments — ensuring a single source …
The post Akamai boosts WAF protections across multiple environments appeared first on Help Net Security.
Windows Kerberos Vulnerability Let Attackers Bypass Security Feature & Access Credentials
Microsoft has released a patch for a critical Windows Kerberos vulnerability (CVE-2025-29809) that allows attackers to bypass security features and potentially access sensitive authentication credentials. The flaw, addressed in the April 2025 Patch Tuesday updates, continues a troubling trend of Kerberos-related vulnerabilities that have plagued Windows systems in recent years. The security flaw, classified as […]
The post Windows Kerberos Vulnerability Let Attackers Bypass Security Feature & Access Credentials appeared first on Cyber Security News.
HollowQuill Malware Targets Government Agencies Globally Through Weaponized PDF Documents
In a disturbing escalation of cyber threats, a new malware campaign dubbed ‘HollowQuill’ has been identified targeting academic institutions and government agencies worldwide. This sophisticated attack leverages weaponized PDF documents to infiltrate systems, using a combination of social engineering and advanced malware deployment techniques to bypass traditional security measures. The Anatomy of Attack: Social Engineering […]
The post HollowQuill Malware Targets Government Agencies Globally Through Weaponized PDF Documents appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2025-29189 | Flowise up to 2.2.3 Postgres_VectorStores tableName sql injection
CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The flaw in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824, is being actively exploited in targeted ransomware attacks. Organizations are required to patch this vulnerability by April 29, 2025, […]
The post CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild appeared first on Cyber Security News.
CVE-2025-30677 | Apache Pulsar IO Kafka Connector up to 3.0.10/3.3.5/4.0.3 log file
NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue
NIST, which for more than a year has been struggling to address a backlog of CVEs in its database following budget cuts, is now putting pre-2018 vulnerabilities on the back burner to give itself more time to address the rapidly growing number of new software security flaws.
The post NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue appeared first on Security Boulevard.
Solving the Identity Crisis: Okta Redefines Security in a Machine-Led World
Okta is stepping forward with its boldest platform evolution yet, aiming to unify identity across human and machine actors, and extend zero-trust all the way from cloud to on-premises.
The post Solving the Identity Crisis: Okta Redefines Security in a Machine-Led World appeared first on Security Boulevard.
CVE-2025-2440 | Schneider Electric Trio Q Licensed Data Radio up to 2.7.1 sensitive information (SEVD-2025-098-02)
CVE-2025-2223 | Schneider Electric ConneXium Network Manager Project File input validation (SEVD-2025-098-01)
CVE-2025-2442 | Schneider Electric Trio Q Licensed Data Radio up to 2.7.1 insecure default initialization of resource (SEVD-2025-098-02)
EAP-TLS: The most secure option?
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-53197 Linux Kernel Out-of-Bounds Access Vulnerability
- CVE-2024-53150 Linux Kernel Out-of-Bounds Read Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.