SecurityWeek Briefing.

"Adobe patches Big Patch of Critical-Security Software Flaw."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 17 May 2025, 1558 UTC.

Content and Source:  "SecurityWeek Briefing" via email subscritpion from https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FSecurityweek

Please check email link or scroll down to read your selections.  Thanks for joining us today.

SecurityWeek

87K followers45 articles per week

#security#tech

95

Most popular

Adobe Patches Big Batch of Critical-Severity Software Flaws

by Ryan Naraine / 3d

Adobe Patch Tuesday headlined by a major Adobe ColdFusion update patching a wide swatch of code execution and privilege escalation attacks. The post appeared first on SecurityWeek .

Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws

12 TTPs

•

by Ionut Arghire / 2d

Two ransomware groups and several Chinese APTs have been exploiting two recent SAP NetWeaver vulnerabilities. The post appeared first on SecurityWeek .

Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’

CVE-2025-4664

•

by Ionut Arghire / 2d

Google has rolled out a Chrome 136 update that resolves a high-severity vulnerability for which a public exploit exists. The post appeared first on SecurityWeek .

Yesterday

Google Warns UK Retailer Hackers Now Targeting US

2 TTPs

•

by Ionut Arghire / 1d

•

Scattered Spider hackers target US retailers

Google says the hacking group behind the recent cyberattacks on UK retailers is now shifting focus to the US. The post appeared first on SecurityWeek .

In Other News: Hackers Not Behind Blackout, CISO Docuseries, Dior Data Breach

by SecurityWeek News / 1d

A summary of noteworthy stories that might have slipped under the radar this week. The post appeared first on SecurityWeek .

From 60 to 4,000: NATO’s Locked Shields Reflects Cyber Defense Growth

NATO Locked Shields 2025 cyber exercise

•

by Eduard Kovacs / 1d

The 15th edition of NATO’s Locked Shields cyber defense exercise brought together 4,000 experts from 41 countries. The post appeared first on SecurityWeek .

Russian APT Exploiting Mail Servers Against Government, Defense Organizations

8 TTPs

•

by Ionut Arghire / 1d

Russia-linked APT28 has been exploiting mail server vulnerabilities against government and defense entities since September 2023. The post appeared first on SecurityWeek .

May 15, 2025

FBI Warns of Deepfake Messages Impersonating Senior Officials

FBI warns of AI voice scams

•

by Ionut Arghire / 1d

The FBI says former federal and state government officials are targeted with texts and AI-generated voice messages impersonating senior US officials. The post appeared first on SecurityWeek .

Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025

Hackers earn 260K at Pwn2Own

•

by Eduard Kovacs / 1d

Pwn2Own participants have earned tens of thousands of dollars for Red Hat, Windows, Oracle VirtualBox, Docker Desktop, and AI exploits. The post appeared first on SecurityWeek .

Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List

by Kevin Townsend / 1d

Once a key figure in the Angler exploit kit underworld, Tarasov’s life has unraveled into detention, paranoia, and an unwanted return to the Russia he publicly despised. The post appeared first on SecurityWeek .

Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data

4 TTPs

•

by Ryan Naraine / 2d

•

Coinbase data breach costs up to 400M

Coinbase said a group of rogue contractors were bribed to pull customer data from internal systems, leading to a $20 million ransom demand. The post appeared first on SecurityWeek .

Production at Steelmaker Nucor Disrupted by Cyberattack

Nucor halts production due to cyber incident

•

by Eduard Kovacs / 2d

American steel giant Nucor on Wednesday disclosed a cybersecurity incident that bears the hallmarks of a ransomware attack. The post appeared first on SecurityWeek .

Proofpoint to Acquire Hornetsecurity in Reported $1 Billion Deal

Proofpoint acquires Hornetsecurity Group

•

by Eduard Kovacs / 2d

Enterprise cybersecurity giant Proofpoint is buying Germany-based Microsoft 365 security solutions provider Hornetsecurity. The post appeared first on SecurityWeek .

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

17 TTPs

•

by Ionut Arghire / 2d

•

Earth Ammit disrupts drone supply chains

The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector. The post appeared first on SecurityWeek .

May 14, 2025

Canadian Electric Utility Lists Customer Information Stolen by Hackers

2 TTPs

•

by Eduard Kovacs / 2d

•

Cyber attack disrupts Nova Scotia Power

Nova Scotia Power says a wide range of personal and financial information was stolen in the recent cyberattack. The post appeared first on SecurityWeek .

Australian Human Rights Commission Discloses Data Breach

Australian Human Rights Commission data breach

•

by Ionut Arghire / 2d

The Australian Human Rights Commission says data submitted through the complaint form on its website was inadvertently exposed. The post appeared first on SecurityWeek .

Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware

Android 16 introduces Advanced Protection features

•

by Ryan Naraine / 2d

Google bundles multiple safeguards under a single Android toggle to protect high-risk users from advanced mobile malware implants. The post appeared first on SecurityWeek .

Is AI Use in the Workplace Out of Control?

by Alastair Paterson / 3d

Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore. The post appeared first on SecurityWeek .

Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks

6 TTPs

•

by Eduard Kovacs / 3d

•

CVE-2024-45332

Intel, AMD and Arm each published security advisories on Patch Tuesday, including for newly disclosed CPU attacks. The post appeared first on SecurityWeek .

Kosovar Administrator of Cybercrime Marketplace Extradited to US

Kosovo man extradited for cybercrime

•

by Ionut Arghire / 3d

Kosovo citizen Liridon Masurica has appeared in a US court, facing charges for his role in operating the cybercrime marketplace BlackDB.cc. The post appeared first on SecurityWeek .

EU Cybersecurity Agency ENISA Launches European Vulnerability Database

CVE program funding at risk

•

by Eduard Kovacs / 3d

Experts say the European Vulnerability Database, or EUVD, should be a good resource, but only if ENISA manages to maintain it properly. The post appeared first on SecurityWeek .

Vulnerabilities Patched by Juniper, VMware and Zoom

5 TTPs

•

by Ionut Arghire / 3d

Juniper Networks, VMware, and Zoom have announced patches for dozens of vulnerabilities across their products. The post appeared first on SecurityWeek .

May 13, 2025

Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances

3 TTPs

•

by Ionut Arghire / 3d

•

CVE-2025-32756

Fortinet has patched a dozen vulnerabilities, including a critical flaw exploited in the wild against FortiVoice instances. The post appeared first on SecurityWeek .

Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers

2 TTPs

•

by Ionut Arghire / 3d

Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution. The post appeared first on SecurityWeek .

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact

5 TTPs

•

by Eduard Kovacs / 3d

•

PatchTuesday

Industrial giants Siemens, Schneider Electric and Phoenix Contact have released ICS security advisories on the May 2025 Patch Tuesday. The post appeared first on SecurityWeek .

Microsoft to Lay Off About 3% of Its Workforce

Microsoft lays off 3% workforce

•

by Associated Press / 3d

The tech giant didn’t disclose the total amount of lost jobs but it will amount to about 6,000 people. The post appeared first on SecurityWeek .

Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday

4 TTPs

•

by Ryan Naraine / 3d

•

PatchTuesday

Patch Tuesday: Microsoft patches at least 70 security bugs and flagged five zero-days in the “exploitation detected” category. The post appeared first on SecurityWeek .

Sharing Intelligence Beyond CTI Teams, Across Wider Functions and Departments

by Marc Solomon / 4d

CTI, digital brand protection and other cyber risk initiatives shouldn’t only be utilized by security and cyber teams. The post appeared first on SecurityWeek .

SAP Patches Another Critical NetWeaver Vulnerability

5 TTPs

•

by Ionut Arghire / 4d

SAP has released 16 new security notes on its May 2025 Security Patch Day, including a note dealing with another critical NetWeaver vulnerability. The post appeared first on SecurityWeek .

Radware Says Recently Disclosed WAF Bypasses Were Patched in 2023

by Eduard Kovacs / 4d

The Radware Cloud WAF product vulnerabilities disclosed by CERT/CC were addressed two years ago. The post appeared first on SecurityWeek .

Marks & Spencer Says Data Stolen in Ransomware Attack

3 TTPs

•

by Ionut Arghire / 4d

•

Hackers target M&S hinting politics

Marks & Spencer has confirmed that personal information was stolen in a recent cyberattack claimed by a ransomware group. The post appeared first on SecurityWeek .

Output Messenger Zero-Day Exploited by Turkish Hackers for Iraq Spying

9 TTPs

•

by Ionut Arghire / 4d

•

CVE-2025-27920

A Turkey-affiliated espionage group has exploited a zero-day vulnerability in Output Messenger since April 2024. The post appeared first on SecurityWeek .

Suspected DoppelPaymer Ransomware Group Member Arrested

Moldovan man arrested for ransomware

•

by Ionut Arghire / 4d

A 45-year-old individual was arrested in Moldova for his suspected involvement in DoppelPaymer ransomware attacks. The post appeared first on SecurityWeek .

Orca Snaps Up Opus in Cloud Security Automation Push

by Ryan Naraine / 4d

Orca positioned the deal as an expansion of its capabilities into the realm of AI-based autonomous remediation and prevention. The post appeared first on SecurityWeek .

May 12, 2025

CISA Warns of Flaw in TeleMessage App Used by Ex-National Security Advisor

Collection (Enterprise TA0009)

•

by Eduard Kovacs / 4d

An information exposure flaw in TeleMessage has been added to CISA’s Known Exploited Vulnerabilities catalog. The post appeared first on SecurityWeek .

Apple Patches Major Security Flaws in iOS, macOS Platforms

2 TTPs

•

by Ryan Naraine / 4d

Apple rolls out iOS and macOS platform updates to fix serious security bugs that could be triggered simply by opening an image or video file. The post appeared first on SecurityWeek .

Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack

by Eduard Kovacs / 5d

Andy Frain was targeted by the Black Basta ransomware group in 2024 and the hackers have stolen a wide range of information. The post appeared first on SecurityWeek .

Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits

Google settles Texas privacy lawsuits

•

by Ionut Arghire / 5d

Google has agreed to a $1.375 billion settlement with Texas in lawsuits over location and private browsing tracking, and biometric data collection. The post appeared first on SecurityWeek .

437,000 Impacted by Ascension Health Data Breach

2 TTPs

•

by Ionut Arghire / 5d

•

Ascension data breach affects 430000 patients

Ascension Health has notified the HHS that more than 437,000 people were affected by a recently disclosed data breach. The post appeared first on SecurityWeek .

Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks

2 TTPs

•

by Ionut Arghire / 5d

•

ASUS patches critical DriverHub vulnerabilities

Two vulnerabilities in ASUS’s pre-installed software DriverHub can be exploited for remote code execution. The post appeared first on SecurityWeek .

US Deportation Airline GlobalX Confirms Hack

Collection (Enterprise TA0009)

•

by Eduard Kovacs / 5d

•

GlobalX airline hacked by Anonymous

Global Crossing Airlines is investigating a cybersecurity incident after Anonymous hackers targeted its systems. The post appeared first on SecurityWeek .