Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution […]
Category Archives: Uncategorized
Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. “On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire,” Mozilla said. […]
Following increasing attacks on healthcare organizations, the United Arab Emirates has refined its regulatory strategy for improving cybersecurity in healthcare. Go to Source Author: Robert Lemos, Contributing Writer
Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called “TinyShell.” Go to Source Author: Rob Wright
A threat actor leveraged the vulnerability in an “extremely sophisticated” attack on targeted iOS users, the company says. Go to Source Author: Jai Vijayan, Contributing Writer
The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data. Go to Source Author: Elizabeth Montalbano, Contributing Writer
In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it’s being used once more for another botnet campaign with its own malware. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. “The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script […]
To truly become indispensable in the boardroom, CISOs need to meet the dual demands of defending against sophisticated adversaries while leading resilience strategies. Go to Source Author: Randolph Barr
Threat intelligence firm GreyNoise is warning of a “coordinated surge” in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. “At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts,” the company said, adding it observed the activity on March 9, 2025. The countries […]